SQL Injection Vulnerability in Gutentor Plugin for WordPress
CVE-2025-1986

4.1MEDIUM

Key Information:

Vendor
WordPress
Status
Vendor
CVE Published:
1 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Gutentor plugin for WordPress prior to version 3.4.7 is susceptible to SQL injection due to a lack of proper sanitization and escaping of user-supplied parameters within SQL statements. This vulnerability could potentially allow administrators to manipulate the database in unintended ways, leading to unauthorized data access or modification.

Affected Version(s)

Gutentor 0 < 3.4.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Greshow
WPScan
.