CVE-2025-10743

Name of the Vulnerable Software and Affected Versions WordPress Outdoor plugin versions prior to 1.3.3

Description The Outdoor plugin for WordPress is susceptible to SQL Injection through the 'edit' action. This is due to inadequate escaping of user-supplied input and insufficient preparation of existing SQL queries. An unauthenticated attacker can inject additional SQL queries into existing database queries, potentially extracting sensitive information. The edit action and the user-supplied parameter are involved in this issue.

Recommendations Update the Outdoor plugin to version 1.3.3 or later.