CVE-2025-12502

Medium

6.8/10

Summary

The attention-bar WordPress plugin through 0.7.2.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users such as administrator to perform SQL injection attacks

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Nov 20, 2025

CVE-2025-12502

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS