SQL Injection Vulnerability in Fable Extra by WPFable
CVE-2025-46539

9.3 CRITICAL

Key Information:

Vendor: WordPress

CVE Published: 23 May 2025

What is CVE-2025-46539?

An SQL injection vulnerability exists in Fable Extra by WPFable. Improper handling of special elements in SQL statements allows attackers to execute unauthorized SQL commands. The issue affects versions up to and including 1.0.6 and enables blind SQL injection, which could lead to unauthorized data access. It underscores the need for regular updates and proper input validation to guard against exploitation.

Affected Version(s)

Fable Extra <= 1.0.6

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

timomangcut (Patchstack Alliance)