4.1

CVE-2025-1986

Exploit

Gutentor < 3.4.7 - Admin+ SQL Injection

Gutentor <= 3.4.6 - Authenticated (Administrator+) SQL Injection

The Gutentor  WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
Mögliche Gegenmaßnahme
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor: Update to version 3.4.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GutentorGutentor SwPlatformwordpress Version < 3.4.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Version *-3.4.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.299
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.1 2.3 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

https://wpscan.com/vulnerability/f1414750-19ee-4a5d-b255-a9c20168b716/
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/153647b8-c5eb-47f5-b375-0baec367287f
Third Party Advisory