SQL Injection Vulnerability in Pantherius Modal Survey Plugin by WordPress
CVE-2025-39471

9.3 CRITICAL

Key Information:

Vendor

WordPress

CVE Published:
18 April 2025

What is CVE-2025-39471?

The Pantherius Modal Survey plugin for WordPress is susceptible to an SQL Injection vulnerability that occurs due to improper handling of special elements within SQL commands. This flaw can potentially allow attackers to manipulate database queries through crafted inputs, leading to unauthorized data access or loss. Users of affected versions are strongly advised to update to secure versions immediately to protect their applications.

Affected Version(s)

Modal Survey <= 2.0.2.0.1

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bonds (Patchstack Alliance)