PT-2025-42296 · WordPress · Rich Snippet Site Report
Johska · Published 2025-10-15 · Updated 2025-10-15 · CVE-2025-10310
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Rich Snippet Site Report plugin for WordPress versions prior to 2.0.0106
Description
The Rich Snippet Site Report plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and SQL query preparation. Specifically, the "last" parameter is not properly escaped, allowing unauthenticated attackers to inject additional SQL queries into existing database queries. This could lead to the extraction of sensitive information. The issue is also exploitable via Cross-Site Request Forgery (CSRF).
Recommendations
Update the Rich Snippet Site Report plugin to version 2.0.0106 or later.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Rich Snippet Site Report