SQL Injection Vulnerability in LambertGroup's AllInOne - Banner with Playlist
CVE-2025-60107

8.5HIGH

Key Information:

Vendor: WordPress
Status: Lambertgroup - Allinone - Banner With Playlist
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-60107?

A vulnerability has been identified in LambertGroup's AllInOne - Banner with Playlist plugin, allowing attackers to execute Blind SQL Injection attacks. This flaw permits unauthorized access to a database by improperly neutralizing special elements within SQL commands. It impacts versions from n/a to 3.8, posing potential risks for data integrity and security.

Affected Version(s)

LambertGroup - AllInOne - Banner with Playlist <= 3.8

References

https://patchstack.com/database/wordpress/plugin/all-in-o...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 25, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)

JSON