CVE-2025-69304

Awaiting Analysis Awaiting Analysis - Queue

Blind SQL Injection in TeconceTheme Allmart Core

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection.This issue affects Allmart: from n/a through <= 1.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-20

Last Modified

2026-02-24

Generated

2026-06-16

AI Q&A

2026-02-20

EPSS Evaluated

2026-06-15

NVD

CVE-2025-69304

Affected Vendors & Products

Vendor	Product	Version / Range
teconcedesign	allmart_core	to 1.1 (inc)
teconcedesign	allmart	to 1.1 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

CVE-2025-69304 is a high-priority SQL Injection vulnerability affecting the WordPress Allmart plugin versions up to and including 1.1.

This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on the database by exploiting improper neutralization of special elements used in SQL commands.

It is classified under the OWASP Top 10 category A3: Injection.

Impact Analysis

This vulnerability can lead to data theft or manipulation by allowing attackers to execute arbitrary SQL queries on the affected database.

Because the vulnerability can be exploited by unauthenticated attackers, it poses a critical risk to the confidentiality, integrity, and availability of your data.

There is currently no official patch available, increasing the urgency to apply mitigation rules to protect your website.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

This vulnerability currently has no official patch available. However, Patchstack has released a mitigation rule that can be applied to block attacks targeting this flaw.

Users are strongly advised to implement this mitigation immediately to protect their websites from exploitation.

Hi! I’m here to help you understand CVE-2025-69304. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-69304

Blind SQL Injection in TeconceTheme Allmart Core

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart