CVE-2025-15477

Name of the Vulnerable Software and Affected Versions Bucketlister plugin for WordPress versions up to and including 0.1.5

Description The software contains a SQL Injection issue through the category and id attributes within its shortcode. Insufficient escaping of user-supplied parameters and inadequate preparation of the SQL query allow authenticated attackers with Contributor-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database. The vulnerable parameters are category and id.

Recommendations Update the Bucketlister plugin to a version beyond 0.1.5.