SQL Injection Vulnerability in LambertGroup xPromoter Plugin
CVE-2025-68053

Currently unrated

Key Information:

Vendor

WordPress
Status
Xpromoter
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68053?

A vulnerability in the LambertGroup xPromoter top_bar_promoter plugin allows for Blind SQL Injection, which can be exploited to manipulate the database and potentially retrieve sensitive information. This issue affects versions of xPromoter from n/a through 1.3.4. It is crucial for users to update their plugins to ensure security against such threats.

Affected Version(s)

xPromoter <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/top_...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68053 : SQL Injection Vulnerability in LambertGroup xPromoter Plugin