SQL Injection Vulnerability in WP Lead Capturing Pages by kamleshyadav
CVE-2025-31424

9.3 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 9 June 2025

What is CVE-2025-31424?

WP Lead Capturing Pages by kamleshyadav is vulnerable to Blind SQL Injection because of improper neutralization of special elements used in SQL commands. The flaw affects versions up through 2.3 and lets attackers manipulate database queries. Websites using this plugin are at risk and should be updated or patched to protect against exploitation.

Affected Version(s)

WP Lead Capturing Pages <= 2.3

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)