Platform
wordpress
Component
majestic-support
Fixed in
1.1.1
CVE-2025-48283 describes a SQL Injection vulnerability in Majestic Support, a WordPress plugin. The flaw lets an attacker inject SQL into a database query that the plugin builds from request input, potentially exposing sensitive data stored in the WordPress database. The vulnerability affects versions 0.0 through 1.1.0, that is, every release up to and including 1.1.0, and is resolved in version 1.1.1.
Successful exploitation could allow an attacker to read, and depending on the injection point modify or delete, data in the WordPress database: plugin data, option values, and the wp_users table with its password hashes. Those hashes can be cracked offline, and write access to wp_users would let an attacker reset an administrator's credentials, so account takeover is a realistic outcome even though SQL injection does not bypass authentication by itself. Command execution on the server is not a direct consequence of the flaw; reaching it would require additional conditions, such as a database account holding the FILE privilege with no secure_file_priv restriction and a writable web root, or an administrator account obtained through the injection being used to install a malicious plugin. The blast radius is nevertheless the entire WordPress installation and its data.
CVE-2025-48283 was publicly disclosed on 2025-05-23. Its severity is rated high (no CVSS vector is listed on this page) because of the potential for data compromise and account takeover. No public proof-of-concept (PoC) code is known at the time of writing, but the fixing change between 1.1.0 and 1.1.1 is public for an open-source plugin, so a working PoC for a SQL injection of this kind should be expected. The CVE is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS
0.23% (46th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-48283 is to upgrade Majestic Support to version 1.1.1 or later without delay. If upgrading must wait because of compatibility concerns, a Web Application Firewall (WAF) rule is a stopgap, not a fix: a simple blocklist of SQL keywords (SELECT, INSERT, UPDATE, DELETE) and metacharacters (';', '--') is easy to bypass with case changes, inline comments, or tautologies that use no listed token (for example "1 OR 1=1"), and on a support plugin it will also block legitimate users who type apostrophes or semicolons into ticket text. Prefer a maintained WordPress SQL injection ruleset and scope it to the plugin's request paths. Any custom SQL in the plugin or in your own extensions should go through $wpdb->prepare() with %d and %s placeholders instead of string interpolation, with input type-checked first (absint() for identifiers, sanitize_text_field() for free text). After upgrading, confirm that the plugin's Version header reads 1.1.1 or later; if you also want to test the injection itself, do so on a staging copy with authorization, against the parameters touched by the 1.1.0 to 1.1.1 change, since the affected endpoint is not identified here.
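The following is an added example, not code from this page or from the Majestic Support plugin, illustrating two points from the mitigation advice above: why a keyword blocklist of the kind described misses an injection that uses no listed token, and why parameter binding (the $wpdb->prepare() pattern in WordPress) closes the hole regardless of what the WAF sees. The table, its rows, and the "tickets" schema are constructed for the demonstration and do not reflect the plugin's real database layout; SQLite stands in for MySQL.

```python
import re
import sqlite3

# Constructed in-memory stand-in for a support-ticket table (not the plugin's real schema).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE tickets (id INTEGER PRIMARY KEY, owner TEXT, subject TEXT);
        INSERT INTO tickets VALUES (1, 'alice', 'Login broken');
        INSERT INTO tickets VALUES (2, 'bob',   'Invoice missing');
        INSERT INTO tickets VALUES (3, 'carol', 'Refund request');
        """
    )
    return conn


# A naive filter of the kind the mitigation text describes: block a few SQL keywords and
# two metacharacters. Included only to show its gaps; it is not a recommended rule.
NAIVE_PATTERN = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b|;|--", re.IGNORECASE)


def naive_waf_blocks(value: str) -> bool:
    """True if the naive keyword/metacharacter blocklist would reject this request value."""
    return NAIVE_PATTERN.search(value) is not None


def vulnerable_lookup(conn: sqlite3.Connection, ticket_id: str):
    """Untrusted input interpolated into the statement: the bug class behind this CVE."""
    sql = f"SELECT id, owner, subject FROM tickets WHERE id = {ticket_id}"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, ticket_id: str):
    """Parameter binding: the value is data, never parsed as SQL.
    The WordPress equivalent is $wpdb->prepare( "... WHERE id = %d", $id )."""
    return conn.execute(
        "SELECT id, owner, subject FROM tickets WHERE id = ?", (ticket_id,)
    ).fetchall()


def demo() -> dict:
    """Run one tautology payload through the filter, the vulnerable query and the safe query."""
    conn = make_db()
    payload = "1 OR 1=1"  # no keyword or metacharacter from the blocklist, yet a full dump
    return {
        "waf_blocked": naive_waf_blocks(payload),          # False: the filter lets it through
        "vulnerable_rows": len(vulnerable_lookup(conn, payload)),  # 3: every ticket returned
        "safe_rows": len(safe_lookup(conn, payload)),      # 0: bound as a string, matches no id
    }


if __name__ == "__main__":
    print(demo())
```

Running the block prints the three results for the "1 OR 1=1" payload; a legitimate value such as "2" returns exactly one row from both query functions, so the parameterized form loses no functionality.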
Update the Majestic Support plugin to the latest available version to mitigate the SQL Injection vulnerability. Check for plugin updates under Plugins in the WordPress admin panel, apply them with WP-CLI (wp plugin update majestic-support), or download the release from the official WordPress.org repository.
CVE-2025-48283 is a high-severity SQL Injection vulnerability affecting Majestic Support WordPress plugin versions up to and including 1.1.0, allowing attackers to inject SQL into a database query made by the plugin.
If you run Majestic Support 1.1.0 or earlier on your WordPress site, you are potentially affected and should upgrade immediately.
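To answer the "am I affected" question across many sites without logging in to each dashboard, the following added script (not part of this page or of the plugin) reads the plugin's main-file header from disk and compares its Version line with the fixed release. The path wp-content/plugins/majestic-support/majestic-support.php is an assumption based on the WordPress convention of naming a plugin's main file after its slug; verify it on your install. The SAMPLE_HEADER is a constructed stand-in for the real file, used only to exercise the parser.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "1.1.1"  # from the advisory: first release that is not affected

# Assumed location of the plugin's main file, relative to the WordPress root.
# WordPress plugins conventionally name the main file after the slug; confirm on your install.
PLUGIN_MAIN_FILE = Path("wp-content/plugins/majestic-support/majestic-support.php")

# Constructed sample of a WordPress plugin header block (not the real plugin file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Majestic Support
 * Description: constructed header used to test the parser
 * Version: 1.1.0
 */
"""

# Matches the standard " * Version: x.y.z" header line inside the plugin's doc comment.
_VERSION_LINE = re.compile(r"^[ \t/*#]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_plugin_version(header_text: str) -> Optional[str]:
    """Return the value of the 'Version:' header line, or None if it is absent."""
    m = _VERSION_LINE.search(header_text)
    return m.group(1) if m else None


def split_version(v: str) -> Tuple[Tuple[int, ...], bool]:
    """Split '1.1.1-beta2' into ((1, 1, 1), True); the flag marks a pre-release suffix."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums, m.group(2) != ""


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `installed` is older than `fixed`; a pre-release of the fixed version counts as older."""
    a, a_pre = split_version(installed)
    b, b_pre = split_version(fixed)
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))  # treat 1.1 as 1.1.0
    b = b + (0,) * (width - len(b))
    if a != b:
        return a < b
    return a_pre and not b_pre


def check_install(wp_root: str = ".") -> dict:
    """Inspect a WordPress tree on disk and report whether an affected plugin build is present."""
    main_file = Path(wp_root) / PLUGIN_MAIN_FILE
    if not main_file.is_file():
        return {"installed": False}
    version = parse_plugin_version(main_file.read_text(errors="replace"))
    return {
        "installed": True,
        "version": version,
        "affected": version is not None and is_affected(version),
    }


if __name__ == "__main__":
    import sys
    print(check_install(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Point the script at the WordPress root (python3 check.py /var/www/html). Where WP-CLI is available, wp plugin get majestic-support --field=version gives the same installed version from the site's own metadata.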
Upgrade Majestic Support to version 1.1.1 or later to resolve the SQL Injection vulnerability. Consider WAF rules as a temporary mitigation if upgrading is not immediately possible.
No active exploitation has been confirmed (EPSS 0.23%, not in CISA KEV), but SQL injection in a publicly available WordPress plugin is a common target for automated attacks, so treat the upgrade as urgent.
Refer to the Majestic Support website or WordPress plugin repository for the official advisory and update information.