CVE-2025-13495

Name of the Vulnerable Software and Affected Versions FluentCart versions up to and including 1.3.1

Description The FluentCart plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the groupKey parameter is not properly sanitized, allowing authenticated attackers with Administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.

Recommendations Update FluentCart to a version newer than 1.3.1.