PT-2025-41230 · WordPress · Find Me On Wordpress

Khaled Alenazi

Published

2025-10-08

Updated

2025-10-13

CVE-2025-10635

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Find Me On WordPress plugin versions through 2.0.9.1

Description The Find Me On WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL query. This allows users with subscriber privileges or higher to execute SQL injection attacks. The vulnerable parameter is used within a SQL statement, potentially allowing malicious code execution.

Recommendations Update the Find Me On WordPress plugin to a version later than 2.0.9.1.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-10635

Affected Products

Find Me On Wordpress

PT-2025-41230 · WordPress · Find Me On Wordpress

CVE-2025-10635

Related Identifiers

Affected Products

References · 7