CVE-2025-10289

Name of the Vulnerable Software and Affected Versions Filter & Grids plugin for WordPress versions prior to 3.2.1

Description The Filter & Grids plugin for WordPress is susceptible to SQL Injection through the phrase parameter. Insufficient input validation and inadequate SQL query preparation allow unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database. This issue is confirmed to affect MariaDB databases, causing syntax errors in MySQL.

Recommendations Update the Filter & Grids plugin to version 3.2.1 or later.