PT-2025-34734 · WordPress · Vibes
Published
2025-08-26
·
Updated
2025-08-26
·
CVE-2025-9172
CVSS v3.1
7.5
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Vibes
Published
2025-08-26
·
Updated
2025-08-26
·
CVE-2025-9172
7.5
High
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
The Vibes plugin for WordPress versions prior to 2.2.1
Description:
The Vibes plugin for WordPress is susceptible to time-based SQL Injection via the `resource` parameter. Insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries allow unauthenticated attackers to append additional SQL queries, potentially extracting sensitive information from the database.
Recommendations:
Update The Vibes plugin to version 2.2.1 or later.
Fix
SQL injection