PT-2025-48642 · WordPress · Db-Access

Yousof Nahya · Published 2025-12-02 · Updated 2026-01-30 · CVE-2025-13000

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: db-access WordPress plugin versions through 0.8.7

Description: The db-access WordPress plugin does not have proper authorization for an AJAX action. This allows any authenticated user, including those with only subscriber privileges, to perform SQL injection (SQLi) attacks.

Recommendations: Update the db-access WordPress plugin to a version later than 0.8.7.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-13000

Affected Products: Db-Access