SQL Injection Vulnerability in onOffice for WP-Websites by onOffice GmbH
CVE-2025-32127

7.6HIGH

Key Information:

Vendor: WordPress
Status: Onoffice For WP-websites
Vendor: CVE Published:; 4 April 2025

What is CVE-2025-32127?

A vulnerability has been identified in onOffice for WP-Websites, where improper neutralization of special elements used in SQL commands could lead to SQL Injection. This flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data or manipulation of the database. The affected versions range from n/a up to 5.7, highlighting the need for immediate attention and remediation to enhance the security posture of affected installations.

Affected Version(s)

onOffice for WP-Websites <= 5.7

References

https://patchstack.com/database/wordpress/plugin/onoffice...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Apr 4, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)

WordPress

What is CVE-2025-32127?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit