CVE-2025-15268
Unauthenticated SQL Injection in Infility Global WordPress Plugin
Publication date: 2026-02-04
Last updated on: 2026-02-04
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| infility | global_plugin | up to and including 2.14.46 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15268 is a security vulnerability in the Infility Global WordPress plugin affecting all versions up to and including 2.14.46. The issue is an unauthenticated SQL Injection vulnerability in the 'infility_get_data' API action. This happens because the plugin does not properly escape user-supplied parameters and does not sufficiently prepare the SQL queries, allowing attackers without authentication to append additional SQL commands to existing queries.

This vulnerability can enable attackers, depending on server configuration, to extract sensitive information from the plugin's database by injecting malicious SQL code. The vulnerability was fixed in version 2.14.52 by adding nonce verification and tightening security checks on the API endpoint to prevent unauthorized access. [1]
How can this vulnerability impact me?
This vulnerability can have significant impacts including unauthorized data exposure. Because it allows unauthenticated attackers to perform SQL Injection, sensitive information stored in the database can be extracted without any login or permission.

- Exposure of sensitive data from the WordPress site's database.
- Potential compromise of user privacy and site confidentiality.
- Increased risk of further attacks leveraging the extracted data.

The vulnerability does not directly affect data integrity or availability (no data modification or denial of service), but the confidentiality breach alone can be critical. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability exists in the Infility Global WordPress plugin versions up to 2.14.46 in the 'infility_get_data' API action, which is vulnerable to unauthenticated SQL Injection. Detection can focus on monitoring or testing for unauthorized access attempts to this API endpoint.

One approach is to check for HTTP requests targeting the 'infility_get_data' AJAX endpoint without proper authentication or nonce verification.

Suggested commands to detect potential exploitation attempts include using curl or similar tools to send crafted requests to the vulnerable endpoint and observe responses:

- `curl -v 'https://yourwordpresssite.com/wp-admin/admin-ajax.php?action=infility_get_data&param=1'`
- grep or monitor web server logs for requests containing 'action=infility_get_data' without valid nonce or authentication tokens.
- Use network intrusion detection systems (IDS) or web application firewalls (WAF) to flag suspicious SQL injection patterns in requests to this endpoint.

Since the vulnerability involves SQL injection via user-supplied parameters, testing with typical SQL injection payloads in the 'infility_get_data' API parameters can help detect if the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Infility Global WordPress plugin to version 2.14.52 or later, where the vulnerability has been fixed by adding nonce verification and tightening security checks on the 'infility_get_data' API endpoint.

If immediate updating is not possible, consider temporarily disabling or restricting access to the vulnerable AJAX endpoint to prevent unauthenticated access.

Implement web application firewall (WAF) rules to block suspicious requests targeting the 'infility_get_data' action, especially those containing SQL injection patterns.

Review and enforce proper authentication and authorization checks on AJAX actions in the WordPress installation.

Monitor logs for suspicious activity related to this plugin and the vulnerable endpoint. [1]
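The description above names two defects (unescaped parameters fed into unprepared SQL, and an AJAX action reachable without a nonce) and the fix names two controls (nonce verification and tightened access checks). The following is an added illustration, not code from the Infility Global plugin, showing a hypothetical WordPress AJAX handler in the CWE-89 shape the advisory describes beside a hardened version. The action name `demo_get_data`, the nonce action `demo_nonce`, the `demo_items` table and the `demo-script` handle are assumptions made for the example.

```php
<?php
// Added example (not the Infility Global plugin's own code). All names here
// ('demo_get_data', 'demo_nonce', 'demo_items', 'demo-script') are assumptions.

// --- Vulnerable shape: raw input interpolated into SQL, no nonce, no capability check ---
function demo_get_data_vulnerable() {
    global $wpdb;
    $id  = $_GET['id'];                                                          // untrusted, unescaped
    $sql = "SELECT id, title FROM {$wpdb->prefix}demo_items WHERE id = $id";     // CWE-89: input becomes query text
    wp_send_json( $wpdb->get_results( $sql ) );
}
// Registering it as wp_ajax_nopriv_* is what makes such a handler reachable unauthenticated.

// --- Hardened: nonce, capability check, typed parameter bound via $wpdb->prepare() ---
function demo_get_data_safe() {
    global $wpdb;

    // 1. Nonce: check_ajax_referer() terminates the request on a missing/invalid nonce.
    check_ajax_referer( 'demo_nonce', 'nonce' );

    // 2. Authorization: require a logged-in user with the capability the data warrants.
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input validation: coerce to the type the query needs (integer id).
    $id = isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // 4. Prepared statement: %d binds an integer, so the input can never alter the query structure.
    $sql = $wpdb->prepare(
        "SELECT id, title FROM {$wpdb->prefix}demo_items WHERE id = %d",
        $id
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// Register for authenticated users only (wp_ajax_, not wp_ajax_nopriv_).
add_action( 'wp_ajax_demo_get_data', 'demo_get_data_safe' );

// Hand the nonce to the page's own JavaScript so legitimate requests can include it.
// Assumes a script registered under the handle 'demo-script'.
function demo_localize_ajax() {
    wp_localize_script( 'demo-script', 'demoAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'demo_nonce' ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'demo_localize_ajax' );
```

Note the division of labour: the nonce and capability checks remove unauthenticated reach, which is what the advisory's fix description emphasizes, but on their own they are a CSRF and access control, not a SQL injection fix. The `$wpdb->prepare()` call with a typed placeholder is what actually closes CWE-89, so a review of a patched handler should confirm both are present.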