SQL Injection Vulnerability in Quentn WP by Quentn.com GmbH
CVE-2025-39595

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Quentn WP
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-39595?

The Quentn WP plugin developed by Quentn.com GmbH is susceptible to an SQL Injection vulnerability due to improper handling of special elements in SQL commands. This flaw could allow attackers to manipulate database queries, potentially leading to unauthorized data access and manipulation. Affected versions include those prior to 1.2.8. It's essential for users of Quentn WP to apply the latest security updates to mitigate this risk and ensure the integrity of their applications.

Affected Version(s)

Quentn WP <= 1.2.8

References

https://patchstack.com/database/wordpress/plugin/quentn-w...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Le Ngoc Anh (Patchstack Alliance)

WordPress

What is CVE-2025-39595?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit