Platform
wordpress
Component
allmart-core
Fixed in
1.1.1
CVE-2025-69304 describes a critical SQL Injection vulnerability affecting the Allmart WordPress theme. This flaw allows attackers to perform blind SQL injection, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions from 0.0.0 through 1.1. A patch is expected to be released by the vendor.
The SQL Injection vulnerability in Allmart allows an attacker to bypass security measures and directly interact with the underlying database. Due to the blind nature of the injection, attackers must iteratively probe the database to extract information, making the process time-consuming but still feasible. Sensitive data at risk includes user credentials, customer information, order details, and potentially even database schema information. Successful exploitation could lead to complete compromise of the WordPress site and its associated data. This vulnerability shares similarities with other SQL injection flaws where attackers can bypass authentication and gain administrative access.
CVE-2025-69304 was published on 2026-02-20. The CVSS score of 9.3 indicates a critical severity. Public proof-of-concept (POC) code is currently unavailable, but the vulnerability's nature makes it likely that a POC will be developed. It is not currently listed on CISA KEV. Active exploitation is not yet confirmed, but the high severity warrants immediate attention.
Websites using the Allmart WordPress theme, particularly those with sensitive data stored in the database, are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/allmart-core/
• generic web:
curl -I https://your-wordpress-site.com/ | grep SQL
• wordpress / composer / npm:
wp plugin list | grep allmart
• wordpress / composer / npm:
wp plugin update allmart
Disclosure
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-69304 is to upgrade to a patched version of the Allmart WordPress theme as soon as it becomes available. In the interim, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL injection attempts targeting the vulnerable endpoints. Consider using parameterized queries or prepared statements in your WordPress code to prevent SQL injection vulnerabilities in the future. Regularly review and sanitize user inputs to further reduce the attack surface.
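As an added illustration of the prepared-statement advice above (this is not code from the Allmart theme or its developer; the table name, column and request parameter are hypothetical), the following WordPress snippet places a query built by string concatenation beside the same query passed through $wpdb->prepare():

```php
<?php
// Added example: a hypothetical WordPress product lookup, NOT the Allmart theme's code.
// The table name, column and request parameter are assumed for illustration only.

// Vulnerable pattern: the request value is concatenated straight into the SQL text,
// so a crafted value can change the structure of the query the database executes.
function allmart_demo_lookup_unsafe( $product_id ) {
    global $wpdb;
    $sql = "SELECT price FROM {$wpdb->prefix}allmart_products WHERE id = " . $product_id;
    return $wpdb->get_var( $sql ); // user-controlled string reaches the database unchanged
}

// Hardened pattern: $wpdb->prepare() binds the value to a %d placeholder, so the
// database never interprets the input as SQL. The int cast is a second line of defence.
function allmart_demo_lookup_safe( $product_id ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT price FROM {$wpdb->prefix}allmart_products WHERE id = %d",
        (int) $product_id
    );
    return $wpdb->get_var( $sql );
}

// Typical call site: sanitize the request value before it reaches the query as well.
$price = allmart_demo_lookup_safe( isset( $_GET['product_id'] ) ? absint( $_GET['product_id'] ) : 0 );
```

For string columns use the %s placeholder instead of %d; $wpdb->prepare() escapes the bound value itself, so wrapping the placeholder in extra quotes or calling esc_sql() on top of it is unnecessary.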
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-69304 is a critical SQL Injection vulnerability in the Allmart WordPress theme, allowing attackers to extract data via blind SQL injection. It affects versions 0.0.0–1.1.
If you are using the Allmart WordPress theme versions 0.0.0 through 1.1, you are potentially affected by this vulnerability. Check your theme version immediately.
Upgrade to a patched version of the Allmart WordPress theme as soon as it's released. Until then, implement a WAF and sanitize user inputs.
Active exploitation is not yet confirmed, but the high severity warrants immediate attention and proactive mitigation.
Please refer to the Allmart theme developer's website or WordPress plugin repository for the official advisory and patch release.