CVE-2025-10047

Name of the Vulnerable Software and Affected Versions Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress versions through 5.3.12

Description The Email Tracker plugin for WordPress is susceptible to SQL Injection via the orderby parameter. Insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.

Recommendations Update the Email Tracker plugin to a version newer than 5.3.12.