WordPress Outdoor plugin SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Outdoor plugin suffers from a SQL injection vulnerability that stems from a lack of validation of the edit parameter. An attacker can exploit this vulnerability to...

CVE-2025-10743 Outdoor <= 1.3.2 - Unauthenticated SQL Injection

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...