SQL Injection Vulnerability in Blappsta Mobile App Plugin for WordPress
CVE-2025-9200

7.5HIGH

Key Information:

Vendor: WordPress
Status: Blappsta Mobile App Plugin – Your Native, Mobile Iphone App And Android App
Vendor: CVE Published:; 3 October 2025

What is CVE-2025-9200?

The Blappsta Mobile App Plugin for WordPress contains a SQL injection vulnerability through the nh_ynaa_comments() function. This issue arises from inadequate escaping of user-supplied parameters combined with an unrefined SQL query setup. As a result, unauthenticated attackers can exploit this vulnerability to inject malicious SQL commands, potentially leading to unauthorized access and the extraction of sensitive data from the site's database.

Affected Version(s)

Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App * <= 0.8.8.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/yournewsapp/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2025
Vulnerability Reserved
Aug 19, 2025

Credit

Jarno Vos

JSON