SQL Injection Vulnerability in Tribulant Software Newsletters
CVE-2025-30921

7.6HIGH

Key Information:

Vendor: Tribulant Software
Status: Newsletters
Vendor: CVE Published:; 27 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An SQL Injection vulnerability exists in the Tribulant Software Newsletters plugin. This flaw allows attackers to manipulate SQL queries by improperly neutralizing special elements within the input fields. As a result, unauthorized access to sensitive data or database manipulation could occur. The vulnerability affects multiple versions of the Newsletters plugin, specifically from n/a up to 4.9.9.7, necessitating immediate attention from users to mitigate potential risks.

Affected Version(s)

Newsletters <= 4.9.9.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-30921
Created by DoTTak

References

https://patchstack.com/database/wordpress/plugin/newslett...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Apr 3, 2025
👾
Exploit known to exist
Apr 3, 2025
Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Webula (Patchstack Alliance)