CVE-2025-13001
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-02
Assigner: WPScan
Description
Description
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | donation | 1.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the donation WordPress plugin through version 1.0, where it fails to sanitize and escape a parameter before using it in a SQL statement. This flaw allows high privilege users, such as administrators, to perform SQL injection attacks.
How can this vulnerability impact me? :
The vulnerability can allow high privilege users to execute SQL injection attacks, potentially leading to unauthorized access, data manipulation, or data loss within the affected WordPress site.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70