9.8
WordPress Plugin vran-dev Database Error - Unsecured Search Function
CVE-2025-66944
Summary
An outdated version of the vran-dev plugin for WordPress has a security weakness that lets an attacker potentially inject malicious code into your website. This could allow them to see or modify sensitive information. Update the plugin to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| databasir | databasir | <= 1.0.7 | – |
Original title
SQL Injection vulnerability in vran-dev databasir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint
Original description
SQL Injection vulnerability in vran-dev databasir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint
nvd CVSS3.1
9.8
Vulnerability type
CWE-89
SQL Injection
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026