CVE-2025-14124
BaseFortify
Publication date: 2026-01-05
Last updated on: 2026-01-08
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| team | team | to 5.0.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated SQL injection in the WordPress plugin "Team" versions before 5.0.11. It occurs because the plugin does not properly sanitize and escape a parameter called "search" used in a SQL statement within an AJAX action named `ttp_Layout_Ajax_Action`. This flaw allows attackers who are not logged in to send specially crafted requests that inject malicious SQL code, potentially manipulating the database or extracting sensitive information. [1]
How can this vulnerability impact me? :
The vulnerability allows unauthenticated attackers to perform SQL injection attacks, which can lead to data leakage, unauthorized database manipulation, or denial of service through time-based attacks. This means attackers could access or alter sensitive data, disrupt website functionality, or cause performance issues. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the vulnerable AJAX action `ttp_Layout_Ajax_Action` in the Team plugin via `wp-admin/admin-ajax.php`. A common detection method is to use a time-based SQL injection payload such as `search=t' OR SLEEP(3) OR 't'='t` in the POST data. If the response time is significantly delayed (approximately 9 seconds total for three executions), it confirms the presence of the SQL injection vulnerability. Example command using curl: `curl -X POST -d "action=ttp_Layout_Ajax_Action&scID=<shortcode_id>&tlp_nonce=<nonce>&search=t' OR SLEEP(3) OR 't'='t" https://<target-site>/wp-admin/admin-ajax.php` Replace `<shortcode_id>` and `<nonce>` with values extracted from the vulnerable page source. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Team WordPress plugin to version 5.0.11 or later, where the vulnerability has been fixed by proper sanitization and escaping of input parameters. Until the update can be applied, restrict access to `wp-admin/admin-ajax.php` or disable the vulnerable AJAX action if possible to prevent exploitation by unauthenticated users. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to perform SQL injection attacks, which can lead to data leakage or database manipulation. Such unauthorized access or exposure of personal or sensitive data could result in non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding personal data against unauthorized access and breaches. [1]