Get Started

WordPress: Time-Based SQL Injection Vulnerability in AHAthat Plugin

by the Hossted team
19.03.2025

In AHAthat Plugin for WordPress versions 1.6 and prior a medium severity vulnerability CVE-2025-2511 was detected. This vulnerability allows authenticated attackers with Administrator-level access and above to perform time-based SQL Injection via the ‘id’ parameter due to insufficient escaping and lack of proper SQL query preparation, enabling them to extract sensitive information from the database. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2511.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR