CVE-2025-14124
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-05

Last updated on: 2026-01-08

Assigner: WPScan

Description
The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-05
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14124
EUVD
EUVD-2026-0837
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
team team to 5.0.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated SQL injection in the WordPress plugin "Team" versions before 5.0.11. It occurs because the plugin does not properly sanitize and escape a parameter called "search" used in a SQL statement within an AJAX action named `ttp_Layout_Ajax_Action`. This flaw allows attackers who are not logged in to send specially crafted requests that inject malicious SQL code, potentially manipulating the database or extracting sensitive information. [1]

Impact Analysis

The vulnerability allows unauthenticated attackers to perform SQL injection attacks, which can lead to data leakage, unauthorized database manipulation, or denial of service through time-based attacks. This means attackers could access or alter sensitive data, disrupt website functionality, or cause performance issues. [1]

Detection Guidance

This vulnerability can be detected by sending crafted POST requests to the vulnerable AJAX action `ttp_Layout_Ajax_Action` in the Team plugin via `wp-admin/admin-ajax.php`. A common detection method is to use a time-based SQL injection payload such as `search=t' OR SLEEP(3) OR 't'='t` in the POST data. If the response time is significantly delayed (approximately 9 seconds total for three executions), it confirms the presence of the SQL injection vulnerability. Example command using curl: `curl -X POST -d "action=ttp_Layout_Ajax_Action&scID=<shortcode_id>&tlp_nonce=<nonce>&search=t' OR SLEEP(3) OR 't'='t" https://<target-site>/wp-admin/admin-ajax.php` Replace `<shortcode_id>` and `<nonce>` with values extracted from the vulnerable page source. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Team WordPress plugin to version 5.0.11 or later, where the vulnerability has been fixed by proper sanitization and escaping of input parameters. Until the update can be applied, restrict access to `wp-admin/admin-ajax.php` or disable the vulnerable AJAX action if possible to prevent exploitation by unauthenticated users. [1]

Compliance Impact

The vulnerability allows unauthenticated attackers to perform SQL injection attacks, which can lead to data leakage or database manipulation. Such unauthorized access or exposure of personal or sensitive data could result in non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding personal data against unauthorized access and breaches. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14124. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart