SQL Injection Vulnerability in WP Lead Capturing Pages by kamleshyadav
CVE-2025-31424

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: WP Lead Capturing Pages
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-31424?

The vulnerability in WP Lead Capturing Pages by kamleshyadav allows for Blind SQL Injection due to improper neutralization of special elements in SQL commands. This security flaw affects versions from n/a up through 2.3, enabling attackers to manipulate database queries. Websites using this plugin are at risk and should be updated or patched to ensure protection against potential exploitation.

Affected Version(s)

WP Lead Capturing Pages <= 2.3

References

https://patchstack.com/database/wordpress/plugin/leadcapt...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Mar 28, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

WordPress

What is CVE-2025-31424?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit