SQL Injection Vulnerability in Blappsta Mobile App Plugin for WordPress
CVE-2025-9200

7.5HIGH

Key Information:

Vendor: WordPress
Status: Blappsta Mobile App Plugin – Your Native, Mobile Iphone App And Android App
Vendor: CVE Published:; 3 October 2025

What is CVE-2025-9200?

The Blappsta Mobile App Plugin for WordPress contains a SQL injection vulnerability through the nh_ynaa_comments() function. This issue arises from inadequate escaping of user-supplied parameters combined with an unrefined SQL query setup. As a result, unauthenticated attackers can exploit this vulnerability to inject malicious SQL commands, potentially leading to unauthorized access and the extraction of sensitive data from the site's database.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App * <= 0.8.8.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/yournewsapp/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2025
Vulnerability Reserved
Aug 19, 2025

Credit

Jarno Vos

JSON

WordPress

What is CVE-2025-9200?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.