CVE-2025-2011

🗓️ 06 May 2025 10:15:15Reported by [email protected]Type

nvd

nvd🔗 web.nvd.nist.gov👁 16 Views

Vulnerability in Slider & Popup Builder for WordPress allows SQL Injection via user parameter.

Reporter	Title	Published	Views	Family All 19
GithubExploit	Exploit for CVE-2025-2011	6 May 202520:14	–	githubexploit
GithubExploit	Ntemplatesbyxit	7 May 202615:36	–	githubexploit
GithubExploit	Exploit for CVE-2025-2011	2 Nov 202518:09	–	githubexploit
GithubExploit	Exploit for CVE-2025-2011	5 Jan 202600:43	–	githubexploit
Circl	CVE-2025-2011	6 May 202510:21	–	circl
CNNVD	WordPress plugin Slider & Popup Builder by Depicter 安全漏洞	6 May 202500:00	–	cnnvd
CVE	CVE-2025-2011	6 May 202509:21	–	cve
Cvelist	CVE-2025-2011 Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter	6 May 202509:21	–	cvelist
Exploit DB	WordPress Depicter Plugin 3.6.1 - SQL Injection	9 May 202500:00	–	exploitdb
Metasploit	WordPress Depicter Plugin SQL Injection (CVE-2025-2011)	28 May 202518:51	–	metasploit

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Services/LeadService.php
github	www.github.com/datagoboom/CVE-2025-2011
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/49b36cde-39d8-4a69-8d7c-7b850b76a7cd
plugins	www.plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Database/Repository/LeadRepository.php
plugins	www.plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/LeadsAjaxController.php
plugins	www.plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/LeadsAjaxController.php
plugins	www.plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/LeadsAjaxController.php
wordpress	www.wordpress.org/plugins/depicter/
plugins	www.plugins.trac.wordpress.org/changeset/3287525/

15 Apr 2026 00:35Current

CVSS 3.17.5

EPSS0.47524

cve-2025-2011 wordpress plugin sql injection user parameter sensitive information unauthenticated attackers.