PT-2025-30000 · WordPress · B1.Lt Plugin

Aurélien Bourdois · Published 2025-07-18 · Updated 2025-07-18 · CVE-2025-6717

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

B1.lt plugin for WordPress versions through 2.2.56

Description

The B1.lt plugin for WordPress is susceptible to SQL Injection via the id parameter. Insufficient escaping of user-supplied input and inadequate SQL query preparation allow authenticated attackers with Subscriber-level access or higher to inject additional SQL queries, potentially extracting sensitive information from the database.

Recommendations

Update the B1.lt plugin to a version later than 2.2.56.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-6717

Affected Products

B1.Lt Plugin