PT-2025-26919 · WordPress · Owl Carousel

Peter Thaleikis · Published 2025-06-26 · Updated 2025-07-01

CVE-2025-5590 · CVSS v3.1 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Owl carousel responsive plugin for WordPress, versions up to and including 1.9
Description: Time-based SQL injection via the id parameter, caused by insufficient escaping of the user-supplied value and insufficient preparation of the existing SQL query. Authenticated attackers with Contributor-level access or higher can append additional SQL to the existing query and use it to extract sensitive information from the database.
Recommendations: For versions up to and including 1.9, consider disabling the id parameter in the affected plugin until a patch is available. Restrict access to the plugin so that only users who need it hold Contributor-level access or above, reducing the risk of exploitation. Avoid using the id parameter in the affected plugin until the issue is resolved.
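The defect class described above, shown as an added illustration rather than the plugin's own code: a handler that splices an unprepared id into a query, beside the standard WordPress remediation. The function names, the table name and the capability used are assumptions.

```php
<?php
// Added illustration, not code from the Owl Carousel plugin. The handler names
// (owl_demo_get_item_unsafe / owl_demo_get_item_safe), the table name
// wp_owl_demo_items and the capability checked are assumed for the example.

// BEFORE: the user-supplied id is concatenated straight into the SQL text.
// Any non-numeric value changes the structure of the query instead of being
// treated as data, which is the condition the advisory describes.
function owl_demo_get_item_unsafe( $id ) {
    global $wpdb;
    $sql = "SELECT * FROM {$wpdb->prefix}owl_demo_items WHERE id = " . $id;
    return $wpdb->get_row( $sql );
}

// AFTER: three independent layers, each of which closes the hole on its own.
//  1. capability check: low-privilege roles never reach the query;
//  2. type coercion: absint() turns whatever arrived into a non-negative int;
//  3. $wpdb->prepare(): the value is bound as %d, never spliced as text.
function owl_demo_get_item_safe( $raw_id ) {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient capability.' );
    }

    $id = absint( $raw_id );
    if ( 0 === $id ) {
        return new WP_Error( 'bad_id', 'id must be a positive integer.' );
    }

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}owl_demo_items WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}

// Assumed wiring: read the parameter via filter_input so the raw superglobal
// is never handed to the query path directly.
$raw_id = filter_input( INPUT_GET, 'id', FILTER_DEFAULT ) ?? '';
$item   = owl_demo_get_item_safe( $raw_id );
```

When reviewing a plugin for this pattern, search for query strings built with string concatenation or interpolation that reach $wpdb->query, get_row, get_results or get_var without passing through $wpdb->prepare().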

Fix

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2025-5590

Affected Products: Owl Carousel