PT-2025-48385 · Unknown · Taosir Wtcms

St1Tch · Published 2025-11-30 · Updated 2025-12-25 · CVE-2025-13783

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

taosir WTCMS versions up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665

Description

A security flaw exists in taosir WTCMS. The issue affects the check/uncheck/delete function within the application/Comment/Controller/CommentadminController.class.php file of the CommentadminController component. Manipulation of the ids argument can lead to SQL injection. The attack can be executed remotely. The exploit has been released publicly. The product uses a rolling release model, making specific version information unavailable. The vendor was contacted regarding this disclosure but did not respond.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-13783

Affected Products

Taosir Wtcms