PT-2025-30000 · WordPress · B1.Lt Plugin

Aurélien Bourdois · Published 2025-07-18 · Updated 2025-07-18 · CVE-2025-6717

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

B1.lt plugin for WordPress versions through 2.2.56

Description

The B1.lt plugin for WordPress is susceptible to SQL Injection via the id parameter. Insufficient escaping of user-supplied input and inadequate SQL query preparation allow authenticated attackers with Subscriber-level access or higher to inject additional SQL queries, potentially extracting sensitive information from the database.

Recommendations

Update the B1.lt plugin to a version later than 2.2.56.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-6717

Affected Products

B1.Lt Plugin