Description

The Plugin Organizer WordPress plugin before 10.2.4 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers to perform SQL injection attacks.

PUBLISHED Reserved 2025-11-19 | Published 2025-12-29 | Updated 2025-12-29 | Assigner WPScan

Problem types

CWE-89 SQL Injection

Product status

Default status: unaffected

Any version before 10.2.4: affected

Credits

Alex Tselevich (nos3curity): finder

WPScan: coordinator

References

wpscan.com/...rability/862fdf28-5195-443d-8ef2-e4043d0fdc92/ exploit vdb-entry technical-description

cve.org (CVE-2025-13417)

nvd.nist.gov (CVE-2025-13417)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.