SQL Injection Vulnerability in ValvePress Rankie Plugin
CVE-2025-39486

8.5HIGH

Key Information:

Vendor: WordPress
Status: Rankie
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-39486?

The ValvePress Rankie Plugin is susceptible to an SQL Injection vulnerability that allows attackers to manipulate SQL queries executed by the application. This weakness could enable unauthorized access to the database, leading to potential data breaches, loss of data integrity, and unauthorized actions within the affected system. It is crucial for users of the plugin to implement corrective measures and updates to mitigate these risks.

Affected Version(s)

Rankie < 1.8.2

References

https://patchstack.com/database/wordpress/plugin/valvepre...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Anhchangmutrang (Patchstack Alliance)