CVE-2025-23910

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Jan 22, 2025
CWE ID 89

Summary

CVE-2025-23910 is a significant SQL Injection vulnerability affecting Menus Plus+ from versions n/a through 1.9.6. Hackers can exploit this issue by improperly neutralizing special elements used in SQL commands. This vulnerability allows attackers to inject malicious SQL code, potentially leading to unauthorized access, data theft, or even system takeover. Users are strongly urged to update to the latest, patched version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share