SQL Injection Vulnerability in LambertGroup Sticky Radio Player
CVE-2025-31926

8.5 HIGH

Key Information:

Vendor: WordPress
CVE Published: 16 May 2025

What is CVE-2025-31926?

The Sticky Radio Player developed by LambertGroup contains a SQL injection vulnerability caused by improper handling of special elements within SQL commands. The flaw affects versions up to and including 3.4 and lets attackers manipulate database queries, potentially leading to unauthorized data access and disruption of services.

Affected Version(s)

Sticky Radio Player <= 3.4

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)