CVE-2025-49870
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49870 is a high-severity SQL Injection vulnerability in the WordPress Paid Member Subscriptions plugin up to version 2.15.1. It allows unauthenticated attackers to inject malicious SQL commands into the website's database, potentially enabling them to steal or manipulate data. This occurs because the plugin improperly neutralizes special elements used in SQL commands, making it vulnerable to injection attacks. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to directly interact with your website's database without authentication, potentially leading to data theft or unauthorized data manipulation. Such exploitation can compromise sensitive user information, disrupt website functionality, and may require professional incident response or server-side malware scanning to remediate. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SQL Injection vulnerability can be done by monitoring for unusual database queries or unauthorized access attempts targeting the Paid Member Subscriptions plugin. Since the vulnerability allows unauthenticated attackers to interact with the database, inspecting web server logs for suspicious SQL syntax or injection patterns is recommended. However, specific commands are not provided. For compromised sites, professional incident response or server-side malware scanning is advised rather than relying solely on plugin-based scanners. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack to block attacks temporarily and updating the Paid Member Subscriptions plugin to version 2.15.2 or later, which contains the fix. Users are strongly advised to update immediately to resolve the issue. Additionally, Patchstack offers automatic mitigation and auto-updates for vulnerable plugins to help protect sites. [1]