SQL Injection Vulnerability in WP Online Users Stats by HK
CVE-2025-32603

9.3 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 11 April 2025

Summary

WP Online Users Stats, a plugin developed by HK, is vulnerable to Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This flaw could enable an attacker to manipulate SQL queries without detection, potentially exposing sensitive database information. Versions up to and including 1.0.0 are affected. Websites using this plugin should consider immediate remediation steps to protect their data integrity.

Affected Version(s)

WP Online Users Stats <= 1.0.0

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)