GHSA-x63h-6rm3-fqx6

Published: 15 Oct 2025
Source: github
GitHub: Not reviewed
CVSS3: 6.5

Description

The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to insufficient neutralization of user-supplied input used directly in SQL queries. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject additional SQL into queries and extract sensitive information from the database via a crafted id attribute in the 'tariffuxx_configurator' shortcode.

EPSS

Percentile: 11%
0.00036
Low

6.5 Medium

CVSS3

Weaknesses

CWE-89

Related vulnerabilities

CVSS3: 6.5
nvd
4 months ago

The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to insufficient neutralization of user-supplied input used directly in SQL queries. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject additional SQL into queries and extract sensitive information from the database via a crafted id attribute in the 'tariffuxx_configurator' shortcode.
