CVE-2025-32120

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Apr 4, 2025

Updated: Apr 7, 2025

CWE ID 89

Summary

CVE-2025-32120 is a serious SQL Injection vulnerability affecting Easy Query – WP Query Builder. Hackers can exploit this issue, which exists from version n/a through 2.0.4, to inject malicious SQL commands that bypass filters, gaining unauthorized access to sensitive data or making unauthorized modifications to databases. The vulnerability arises due to improper neutralization of special elements used in an SQL command. This flaw opens a blind SQL injection attack vector, posing a significant risk to affected WordPress installations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/484NoA
https://www.cve.org/CVERecord?id=CVE-2025-32120
https://nvd.nist.gov/vuln/detail/CVE-2025-32120

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners

CVE-2025-32120

CVSS 3.1 Score 7.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations