Platform
wordpress
Component
classiera
Fixed in
4.0.35
CVE-2025-52722 identifies a SQL Injection vulnerability within the Classiera WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially gaining unauthorized access to sensitive data and compromising the entire WordPress instance. The vulnerability impacts versions from 0.0.0 through 4.0.34, and a patch is available in version 4.0.35.
The SQL injection vulnerability in Classiera poses a significant risk. An attacker could exploit it to bypass authentication and to read, modify or delete data in the WordPress database, including user credentials, configuration data and the site's content. Successful exploitation could lead to complete compromise of the site, data exfiltration and denial of service. The impact is amplified if the site handles Personally Identifiable Information (PII) or financial data, where a breach can also bring regulatory fines and reputational damage.
CVE-2025-52722 was publicly disclosed on 2025-06-27. The vulnerability's severity is classified as CRITICAL with a CVSS score of 9.3. As of this writing, there are no publicly available proof-of-concept exploits. It is advisable to monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting this vulnerability.
Websites running the Classiera WordPress plugin, particularly those handling sensitive user data or financial transactions, are at significant risk. Shared hosting environments in which several WordPress instances share a database server, or worse a single database user, are also at increased risk, since an injection on one site can reach data belonging to the others.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/classiera/
• generic web:
curl -I 'https://your-wordpress-site.com/wp-content/plugins/classiera/?param='
• wordpress / composer / npm:
wp plugin list --name=classiera --fields=name,status,version
disclosure
Exploit status
EPSS
0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-52722 is to upgrade the Classiera plugin to version 4.0.35 or later as soon as possible. If an immediate upgrade is not feasible because of compatibility issues or breaking changes, a Web Application Firewall (WAF) rule that filters input bound for the vulnerable endpoints is a stopgap: look for patterns typical of SQL injection attempts, such as single quotes, double quotes, semicolons or SQL keywords in user-supplied parameters, but expect false positives (legitimate input such as names containing apostrophes) and do not treat the rule as a substitute for the patch, because the vulnerable code still runs behind it. After upgrading, confirm that the installed version is 4.0.35 or later and re-test the previously vulnerable inputs to verify that injection attempts no longer alter the query.
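The following Python script is an added example, not Classiera's code and not from the advisory, that shows why the keyword-based WAF rule described above is only a stopgap: a naive signature filter rejects the classic payload but also legitimate input containing an apostrophe, while a parameterized query neutralises the payload without any filtering at all. The listings table, its rows and the two queries are constructed for the demonstration and do not reflect Classiera's schema or the actual vulnerable code.

```python
import re
import sqlite3

# Constructed demo data standing in for a classified-ads plugin's table.
# Illustrative only: this is not Classiera's schema, query or vulnerable code.
DEMO_ROWS = [
    (1, "Mountain bike", "O'Brien"),
    (2, "Sofa, good condition", "alice"),
    (3, "Unpublished draft", "admin"),
]

# The kind of signature rule the mitigation text describes: quotes, semicolons
# and common SQL keywords anywhere in user-supplied input.
SQLI_HINTS = re.compile(
    r"['\";]|\b(?:OR|AND|UNION|SELECT|DROP|INSERT|UPDATE|DELETE|SLEEP)\b",
    re.IGNORECASE,
)


def make_demo_db():
    """In-memory SQLite database holding the constructed listings table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT, owner TEXT)")
    conn.executemany("INSERT INTO listings VALUES (?, ?, ?)", DEMO_ROWS)
    conn.commit()
    return conn


def naive_waf_blocks(value):
    """True if the signature rule would reject this input (stopgap, not a fix)."""
    return bool(SQLI_HINTS.search(value))


def vulnerable_lookup(conn, owner):
    """Concatenates user input into SQL: the input becomes query syntax."""
    sql = "SELECT id, title, owner FROM listings WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, owner):
    """Parameterized query: the input is bound as data and cannot change the query."""
    sql = "SELECT id, title, owner FROM listings WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


if __name__ == "__main__":
    conn = make_demo_db()
    payload = "' OR '1'='1"
    legit = "O'Brien"

    # Concatenation: the payload rewrites the WHERE clause and dumps every row...
    print("vulnerable + payload:", vulnerable_lookup(conn, payload))
    # ...and a legitimate apostrophe breaks the query outright.
    try:
        vulnerable_lookup(conn, legit)
    except sqlite3.OperationalError as exc:
        print("vulnerable + O'Brien: SQL error:", exc)

    # Parameterized: the payload matches nothing, the apostrophe just works.
    print("safe + payload:", safe_lookup(conn, payload))
    print("safe + O'Brien:", safe_lookup(conn, legit))

    # The signature rule stops the payload, but also the legitimate name and
    # an innocent phrase containing the word "and".
    for value in (payload, legit, "bike", "sofa and chair"):
        print(f"waf blocks {value!r}: {naive_waf_blocks(value)}")
```

Run it as-is; the point to take away is that the filter and the parameterized query fail in opposite directions: the filter blocks "O'Brien" and "sofa and chair" while still depending on the attacker using a pattern it knows, whereas the bound parameter treats every input as data regardless of content.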
Update the Classiera theme to a version later than 4.0.34 to mitigate the SQL injection vulnerability. Check the theme developer's page or the WordPress.org repository for the latest available version. Consider disabling or removing the theme if it is not essential until it can be updated.
CVE-2025-52722 is a critical SQL Injection vulnerability affecting the Classiera WordPress plugin, allowing attackers to inject malicious SQL code and potentially compromise the database.
If you are using Classiera WordPress plugin versions 0.0.0 through 4.0.34, you are affected by this vulnerability. Upgrade to version 4.0.35 or later to mitigate the risk.
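An added example, not part of the advisory, for checking whether an installed copy falls in the affected range: it reads the Version: field from a WordPress plugin or theme header and compares it numerically against 4.0.35, which avoids the string-comparison mistake that ranks "4.0.9" above "4.0.34". The sample header, the placeholder field values and the directory layout assumed by check_install_dir (style.css or a top-level PHP file carrying the header) are assumptions made for the demonstration.

```python
import re
from pathlib import Path

# From the advisory: first version that is not affected by CVE-2025-52722.
FIXED_VERSION = "4.0.35"

# Constructed sample of the header comment WordPress reads from a plugin's main
# PHP file (a theme carries the same "Version:" field in style.css).
# Not Classiera's real file; the other field values are placeholders.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Classiera
 * Description: Classified ads
 * Version: 4.0.34
 * Author: example
 */
"""

_VERSION_LINE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)


def parse_version_header(text):
    """Return the Version: value from a WordPress plugin/theme header, or None."""
    match = _VERSION_LINE.search(text)
    return match.group(1) if match else None


def version_tuple(version):
    """'4.0.34' -> (4, 0, 34). Trailing tags such as '-rc1' are ignored."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when installed < fixed, comparing component by component: a plain
    string comparison would wrongly rank '4.0.9' above '4.0.34'."""
    return version_tuple(installed) < version_tuple(fixed)


def check_install_dir(path):
    """Scan an installed plugin/theme directory (assumed layout: style.css or a
    top-level PHP file carries the header). Returns (version, vulnerable),
    or (None, None) if the directory or header cannot be found."""
    root = Path(path)
    if not root.is_dir():
        return None, None
    candidates = [root / "style.css"] + sorted(root.glob("*.php"))
    for candidate in candidates:
        if candidate.is_file():
            version = parse_version_header(candidate.read_text(errors="replace"))
            if version:
                return version, is_vulnerable(version)
    return None, None


if __name__ == "__main__":
    version = parse_version_header(SAMPLE_HEADER)
    print(version, "-> vulnerable" if is_vulnerable(version) else "-> patched")
    # Against a live install; the path is an assumption about the host layout.
    print(check_install_dir("/var/www/html/wp-content/plugins/classiera"))
```

Point check_install_dir at the real install directory on the host (for a theme, the wp-content/themes path); the function returns (None, None) rather than raising when the path does not exist, so it is safe to run across a fleet of hosts where the component may be absent.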
The recommended fix is to upgrade the Classiera plugin to version 4.0.35 or later. If immediate upgrade is not possible, implement a WAF rule to filter malicious SQL queries.
As of now, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation, but it is crucial to apply the patch promptly.
Refer to the Classiera plugin's official website or WordPress plugin repository for the latest advisory and update information regarding CVE-2025-52722.