PT-2025-41230 · WordPress · Find Me On Wordpress

Khaled Alenazi

Publicado

2025-10-08

Atualizado

2025-10-13

CVE-2025-10635

CVSS v3.1

7.7

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Find Me On WordPress plugin versions through 2.0.9.1

Description The Find Me On WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL query. This allows users with subscriber privileges or higher to execute SQL injection attacks. The vulnerable parameter is used within a SQL statement, potentially allowing malicious code execution.

Recommendations Update the Find Me On WordPress plugin to a version later than 2.0.9.1.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2025-10635

Produtos afetados

Find Me On Wordpress

PT-2025-41230 · WordPress · Find Me On Wordpress

CVE-2025-10635

Identificadores relacionados

Produtos afetados

Referências · 7