Time-Based SQL Injection Vulnerability in Owl Carousel Plugin for WordPress
CVE-2025-5590
8.8 HIGH
What is CVE-2025-5590?
The Owl Carousel responsive plugin for WordPress is vulnerable to time-based SQL injection through the 'id' parameter, which is inadequately escaped in all versions up to and including 1.9. This flaw enables authenticated users with Contributor-level access or higher to inject additional SQL queries into existing database queries. Consequently, attackers could manipulate the database, potentially extracting sensitive information.
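The following added example (not the plugin's code and not taken from this advisory) shows how escaping alone can leave an 'id' value injectable, next to a hardened lookup. The table, column and function names are hypothetical, and the assumption that the value is placed unquoted in a numeric context is an illustration, not a statement about the plugin's source.

```php
<?php
// Added illustration; NOT the Owl Carousel plugin's code.
// Table, column and function names below are hypothetical.

// Weak pattern: esc_sql() only escapes characters that matter inside a
// quoted SQL string. The value here lands unquoted in a numeric context,
// so it is still parsed as SQL even though it was "escaped".
function example_get_carousel_unsafe( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_carousels'; // hypothetical table
    $sql   = "SELECT id, title FROM {$table} WHERE id = " . esc_sql( $id );
    return $wpdb->get_row( $sql );
}

// Hardened pattern: enforce the expected type first, then bind the value
// through $wpdb->prepare() so it can never change the query structure.
function example_get_carousel_safe( $id ) {
    global $wpdb;

    // Reject anything that is not a plain run of digits instead of
    // silently truncating it to its numeric prefix.
    if ( ! is_scalar( $id ) || ! ctype_digit( (string) $id ) ) {
        return null;
    }

    $table = $wpdb->prefix . 'example_carousels'; // hypothetical table
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT id, title FROM {$table} WHERE id = %d",
            (int) $id
        )
    );
}
```

When auditing a plugin for this class of bug, look for request or attribute values concatenated into a string that is passed to `$wpdb->query()`, `get_row()`, `get_var()` or `get_results()` without going through `$wpdb->prepare()`.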
Affected Version(s)
Owl carousel responsive * <= 1.9