PT-2025-16083 · WordPress · Wp Online Users Stats

Tran Nguyen Bao Khanh · Published 2025-04-11 · Updated 2025-04-12 · CVE-2025-32603

CVSS v3.1: 9.3 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions: WP Online Users Stats versions prior to 1.0.0
Description: The issue is improper neutralization of special elements used in an SQL command, which allows Blind SQL Injection. It can be exploited through API endpoints, although the specific endpoints are not mentioned, and the vulnerable parameters or variables (such as username or password) are not explicitly specified. In general, SQL Injection involves manipulating SQL commands to access or modify sensitive data.
Recommendations: For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to SQL commands or disabling any features that may be vulnerable to SQL Injection until a patch is available. Avoid using user-supplied input in SQL commands without proper sanitization.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-32603

Affected Products: Wp Online Users Stats