Platform: wordpress
Component: office-locator
Fixed in: 1.3.1
CVE-2025-32665 describes a SQL Injection vulnerability discovered in WebbyTemplate Office Locator. This flaw allows attackers to inject malicious SQL code, potentially compromising sensitive data and system integrity. The vulnerability impacts versions from 0.0.0 up to and including 1.3.0. A patch is available in version 1.3.1.
Successful exploitation of this SQL Injection vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the underlying database. This could lead to the exfiltration of sensitive information, including user credentials, personal data, and potentially even administrative access. Depending on the database schema and permissions, an attacker might also be able to modify or delete data, leading to denial of service or further compromise. The blast radius extends to any data stored within the Office Locator database, making it a high-priority concern.
CVE-2025-32665 was publicly disclosed on 2025-04-17. As of this date, no public proof-of-concept exploits have been identified. The vulnerability's criticality (CVSS 9.3) suggests a high probability of exploitation if left unpatched. It is not currently listed on CISA KEV.
EPSS: 0.23% (46th percentile)
The primary mitigation for CVE-2025-32665 is to immediately upgrade WebbyTemplate Office Locator to version 1.3.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to filter out potentially malicious SQL injection attempts. Input validation and sanitization on all user-supplied data are also crucial preventative measures. Regularly review database access permissions to limit the potential impact of a successful attack.
Update the Office Locator plugin to the latest available version to mitigate the SQL Injection vulnerability. Check for available updates in the WordPress plugin repository or on the developer's website. Implement additional security measures, such as user input validation and sanitization, to prevent future vulnerabilities.
CVE-2025-32665 is a critical SQL Injection vulnerability affecting WebbyTemplate Office Locator versions 0.0.0 through 1.3.0, allowing attackers to inject malicious SQL code.
If you are using WebbyTemplate Office Locator versions 0.0.0 to 1.3.0, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade WebbyTemplate Office Locator to version 1.3.1 or later to resolve this SQL Injection vulnerability. Consider WAF rules as an interim measure.
As of 2025-04-17, no active exploitation has been confirmed, but the high CVSS score indicates a potential for exploitation.
Refer to the WebbyTemplate website or plugin repository for the official advisory and release notes regarding this vulnerability.