CVE-2025-10310
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | rich_snippet_site_report | 2.0.0105 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is a SQL Injection in the Rich Snippet Site Report WordPress plugin, affecting all versions up to and including 2.0.0105. It occurs because the plugin does not properly escape or prepare the 'last' parameter used in SQL queries. This allows unauthenticated attackers to inject additional SQL commands into existing queries, potentially extracting sensitive information from the database. The vulnerability can also be exploited via Cross-Site Request Forgery (CSRF).
How can this vulnerability impact me? :
This vulnerability can allow attackers to extract sensitive information from your WordPress site's database without authentication. Since it is a SQL Injection, attackers could potentially access confidential data, which may include user information or site content. Exploitation via CSRF means attackers could trick authenticated users into executing malicious requests, increasing the risk. Overall, it compromises the confidentiality of your site's data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could lead to unauthorized disclosure of sensitive personal data stored in the database, which would violate data protection regulations such as GDPR and HIPAA. Failure to protect such data adequately may result in non-compliance, legal penalties, and damage to reputation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the Rich Snippet Site Report WordPress plugin version 2.0.0105 or earlier installed on your WordPress site. Since the vulnerability involves SQL Injection via the 'last' parameter in AJAX requests, you can monitor or test HTTP POST requests to the WordPress admin AJAX endpoint (typically /wp-admin/admin-ajax.php) with the action 'easysnippetGet' and the 'last' parameter. A simple detection command could be using curl to send a crafted POST request to test if the parameter is vulnerable, for example: curl -X POST -d "action=easysnippetGet&last=1' OR '1'='1" https://yourwordpresssite.com/wp-admin/admin-ajax.php If the response returns data or an error indicating SQL injection, the plugin is vulnerable. Additionally, scanning your WordPress plugins for the presence of this plugin and its version can help detect vulnerability. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Disable or uninstall the Rich Snippet Site Report plugin from your WordPress installation, especially since it has been closed and is no longer maintained as of October 14, 2025. 2. Restrict access to the WordPress admin AJAX endpoint to trusted users only. 3. Apply Web Application Firewall (WAF) rules to block suspicious SQL injection attempts targeting the 'last' parameter. 4. Monitor your logs for unusual activity related to the plugin's AJAX actions. 5. If possible, update to a patched version once available or replace the plugin with a secure alternative. Since the plugin is no longer available for download and has known vulnerabilities, removing it is the safest immediate action. [1, 3]