CVE-2025-26974

CVSS 3.1 Score 9.3 of 10 (high)

Details

Published Feb 25, 2025

CWE ID 89

Summary

CVE-2025-26974 is an SQL injection vulnerability affecting WP Multi Store Locator, a plugin used on WPExperts.io. The issue allows an attacker to inject malicious SQL commands, bypassing input validations. This blind SQL injection vulnerability can be exploited to access sensitive data or even execute arbitrary code on the affected system. The flaw is present in versions of WP Multi Store Locator ranging from the initial release to 2.5.1. Users are advised to update to the latest patch to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cvW61
https://www.cve.org/CVERecord?id=CVE-2025-26974
https://nvd.nist.gov/vuln/detail/CVE-2025-26974

Back to Vulnerability Database

CVE-2025-26974

CVSS 3.1 Score 9.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations