
WordPress Plugin Allows Attackers to Manipulate Database Queries

CVE-2025-62319
Summary

An attacker can inject SQL into a WordPress plugin's database queries, potentially gaining access to sensitive information. The attack is possible when the plugin can be tricked into executing attacker-supplied input as part of a query. To protect against this, keep all software and plugins up to date and use a reputable security plugin to monitor for suspicious activity.

Original title
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of retu...
Original description
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.
NVD CVSS 3.1: 9.8
Vulnerability type
CWE-89 SQL Injection
Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026
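
The behaviour in the description above, as an added example (not code from the affected product or from the advisory): a concatenated query whose response depends on an appended Boolean condition, beside a parameterized version that treats the same input as data. The `config` table, its rows and all function names are hypothetical, and SQLite stands in for the backend database.

```python
import sqlite3


def make_db():
    # Constructed sample data: a hypothetical backend configuration table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE config (name TEXT PRIMARY KEY, value TEXT)")
    db.executemany("INSERT INTO config VALUES (?, ?)",
                   [("site_title", "Demo"), ("timezone", "UTC")])
    return db


def setting_exists_vulnerable(db, name):
    # Flawed: the input is concatenated into the SQL text, so a quote in
    # `name` closes the string literal and the rest is parsed as SQL.
    sql = "SELECT 1 FROM config WHERE name = '" + name + "'"
    return db.execute(sql).fetchone() is not None


def setting_exists_safe(db, name):
    # Hardened: the value is bound as a parameter, so it is only ever
    # compared as data and never reaches the SQL parser.
    sql = "SELECT 1 FROM config WHERE name = ?"
    return db.execute(sql, (name,)).fetchone() is not None


def response_differs(check, db):
    # Regression check for CWE-89: the same key with an always-true and an
    # always-false condition appended must produce the same response.
    true_input = "site_title' AND '1'='1"
    false_input = "site_title' AND '1'='2"
    return check(db, true_input) != check(db, false_input)


if __name__ == "__main__":
    db = make_db()
    for check in (setting_exists_vulnerable, setting_exists_safe):
        print(check.__name__, "response depends on injected condition:",
              response_differs(check, db))
```

A check like `response_differs` can sit in a test suite for every function that builds a query from request input; any handler for which it returns true is interpreting input as SQL.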