2 matches found
CVE-2025-13000
CVE-2025-13000 concerns the WordPress plugin “db-access” up to version 0.8.7, where an insufficient authorization check in an AJAX action permits any authenticated user (including subscribers) to perform SQL injection. Supported details from connected sources confirm the root cause as missing aut...
CVE-2025-13000 DB Access <= 0.8.7 - Subscriber+ SQLi
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks...