Platform
wordpress
Component
classiera
Fixed in
4.0.35
CVE-2025-52722 identifies a SQL Injection vulnerability within the Classiera WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially gaining unauthorized access to sensitive data and compromising the entire WordPress instance. The vulnerability impacts versions from 0.0.0 through 4.0.34, and a patch is available in version 4.0.35.
The SQL Injection vulnerability in Classiera poses a significant risk. An attacker could exploit this flaw to bypass authentication, read, modify, or delete data stored in the WordPress database. This includes user credentials, sensitive configuration information, and potentially even the entire website content. Successful exploitation could lead to complete system compromise, data exfiltration, and denial of service. The impact is amplified if the WordPress site handles Personally Identifiable Information (PII) or financial data, as this could result in regulatory fines and reputational damage.
CVE-2025-52722 was publicly disclosed on 2025-06-27. The vulnerability's severity is classified as CRITICAL with a CVSS score of 9.3. As of this writing, there are no publicly available proof-of-concept exploits. It is advisable to monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting this vulnerability.
Exploit Status
EPSS
0.06% (18% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-52722 is to immediately upgrade the Classiera plugin to version 4.0.35 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious SQL queries targeting the vulnerable endpoints. Specifically, look for patterns indicative of SQL injection attempts, such as the presence of single quotes, double quotes, semicolons, or SQL keywords in user-supplied input. After upgrading, verify the fix by attempting a SQL injection attack on the vulnerable endpoints and confirming that the attack is blocked.
Update the Classiera theme to a version later than 4.0.34 to mitigate the SQL Injection vulnerability. Check the theme developer's page or the WordPress.org repository for the latest available version. Consider disabling or deleting the theme if it is not essential until it can be updated.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-52722 is a critical SQL Injection vulnerability affecting the Classiera WordPress plugin, allowing attackers to inject malicious SQL code and potentially compromise the database.
If you are using Classiera WordPress plugin versions 0.0.0 through 4.0.34, you are affected by this vulnerability. Upgrade to version 4.0.35 or later to mitigate the risk.
The recommended fix is to upgrade the Classiera plugin to version 4.0.35 or later. If immediate upgrade is not possible, implement a WAF rule to filter malicious SQL queries.
As of now, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation, but it is crucial to apply the patch promptly.
Refer to the Classiera plugin's official website or WordPress plugin repository for the latest advisory and update information regarding CVE-2025-52722.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.