CVE-2025-10635
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-08
Last updated on: 2025-10-08
Assigner: WPScan
Description
Description
The Find Me On WordPress plugin through 2.0.9.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers and above to perform SQL injection attacks
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | find_me_on | 2.0.9.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Find Me On WordPress plugin up to version 2.0.9.1, where it fails to properly sanitize and escape a parameter before using it in a SQL statement. This flaw allows users with subscriber-level access or higher to perform SQL injection attacks.
How can this vulnerability impact me? :
The vulnerability can allow attackers with subscriber or higher privileges to execute arbitrary SQL commands on the database. This can lead to unauthorized data access, data modification, or even complete compromise of the affected WordPress site's database.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70