CVE-2025-13001 | THREATINT

Description

The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks

PUBLISHED Reserved 2025-11-11 | Published 2025-12-02 | Updated 2025-12-02 | Assigner WPScan

Problem types

CWE-89 SQL Injection

Product status

Default status

affected

Any version

affected

Credits

Yousof Nahya finder

WPScan coordinator

References

wpscan.com/...rability/4e7a8154-46bf-44c9-ad9a-273e99ae2104/ exploit vdb-entry technical-description

cve.org (CVE-2025-13001)

nvd.nist.gov (CVE-2025-13001)

Download JSON