SQL Injection Vulnerability in WPSmartContracts by WordPress
CVE-2025-31565

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: WPsmartcontracts
Vendor: CVE Published:; 11 April 2025

What is CVE-2025-31565?

A vulnerability in the WPSmartContracts plugin for WordPress poses a risk of Blind SQL Injection due to improper handling of special elements in SQL commands. This weakness affects versions up to 2.0.10, allowing attackers to exploit the vulnerability to execute arbitrary SQL code. Proper security measures are critical for users of this plugin to prevent unauthorized database access and data breaches.

Affected Version(s)

WPSmartContracts <= 2.0.10

References

https://patchstack.com/database/wordpress/plugin/wp-smart...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Mar 31, 2025

Credit

NAWardRox (Patchstack Alliance)