Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
Coven Core: Data Exposure through SQL Injection
CVE-2025-69295
Summary
Coven Core plugins may allow unauthorized access to sensitive data. This is a serious issue because attackers can extract confidential information from your website. Update to Coven Core version 1.4 or later to fix this vulnerability.
Original title
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection.This issue affects Coven Core: fr...
Original description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection.This issue affects Coven Core: from n/a through <= 1.3.
nvd CVSS3.1
9.3
Vulnerability type
CWE-89
SQL Injection
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026