Platform: wordpress
Component: uroan-core
Fixed in: 1.4.5
CVE-2025-69365 describes a critical SQL Injection vulnerability discovered in the Uroan Core WordPress plugin. This flaw allows attackers to potentially bypass authentication and extract sensitive data through Blind SQL Injection techniques. The vulnerability impacts versions from 0.0.0 up to and including 1.4.4. A patch is expected to be released by the vendor.
The SQL Injection vulnerability in Uroan Core presents a significant risk to WordPress websites utilizing this plugin. An attacker could exploit this flaw to bypass authentication mechanisms, gaining unauthorized access to the application. Successful exploitation could lead to the extraction of sensitive data stored within the database, including user credentials, configuration details, and potentially even customer information. The Blind SQL Injection nature of the vulnerability means that data extraction might be slow and require multiple requests, but the potential impact remains severe. This vulnerability shares characteristics with other SQL Injection attacks, where malicious SQL queries are injected into input fields to manipulate database operations.
CVE-2025-69365 was publicly disclosed on 2026-02-20. The vulnerability's severity is rated as CRITICAL (CVSS 9.3). Currently, there are no publicly available Proof-of-Concept (PoC) exploits, but the nature of SQL Injection vulnerabilities makes it likely that one will emerge. It is not currently listed on the CISA KEV catalog. Active exploitation is not confirmed at this time.
Exploit Status
EPSS: 0.04% (12th percentile)
The primary mitigation for CVE-2025-69365 is to upgrade to a patched version of the Uroan Core plugin as soon as it becomes available. Until a patch is released, consider disabling the plugin entirely to prevent potential exploitation. As a temporary workaround, implement strict input validation and sanitization on all user-supplied data that is used in SQL queries. Web Application Firewalls (WAFs) configured with rules to detect and block SQL Injection attempts can also provide an additional layer of protection. Monitor WordPress logs for suspicious SQL queries or database activity.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-69365 is a critical SQL Injection vulnerability affecting Uroan Core versions 0.0.0–1.4.4, allowing attackers to potentially extract data and bypass authentication.
You are affected if your WordPress site uses the Uroan Core plugin and is running a version between 0.0.0 and 1.4.4, inclusive. Upgrade immediately when a patch is available.
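One way to check a server for affected installs, as an added example that is not code from the vendor or from this advisory. It assumes the plugin sits in the default `wp-content/plugins/uroan-core` directory (directory name taken from the Component field) and compares the plugin header's version against 1.4.5, the "Fixed in" value above. Site roots are passed as arguments; with none, it runs on a constructed sample install.

```shell
#!/bin/sh
# Added example: flag Uroan Core installs below the fixed release.
FIXED="1.4.5"                 # "Fixed in" value from this advisory
SLUG="uroan-core"             # assumed to be the plugin's directory name

# Print the Version: header from the plugin's main file, i.e. the top-level
# PHP file that carries a "Plugin Name:" header (WordPress reads the first 8 KB).
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        head -c 8192 "$f" | grep -qi 'Plugin Name:' || continue
        head -c 8192 "$f" |
            sed -n 's|^[[:space:]/*#@]*[Vv]ersion:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*|\1|p' |
            head -n 1
        return 0
    done
    return 1
}

# Succeed when dotted version $1 is strictly lower than $2 (numeric per field,
# so 1.4.10 is correctly treated as newer than 1.4.5).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print not-installed, unknown, "vulnerable <v>" or "patched <v>" for one site root.
uroan_status() {
    dir="$1/wp-content/plugins/$SLUG"      # default plugin path (assumption)
    [ -d "$dir" ] || { echo "not-installed"; return 0; }
    v=$(plugin_version "$dir") || v=""
    [ -n "$v" ] || { echo "unknown"; return 0; }
    if version_lt "$v" "$FIXED"; then echo "vulnerable $v"; else echo "patched $v"; fi
}

if [ "$#" -eq 0 ]; then       # no arguments: run on a constructed sample install
    demo=$(mktemp -d); mkdir -p "$demo/wp-content/plugins/$SLUG"
    printf '<?php\n/*\n * Plugin Name: Uroan Core\n * Version: 1.4.4\n */\n' \
        > "$demo/wp-content/plugins/$SLUG/sample.php"
    set -- "$demo"
fi
for root in "$@"; do printf '%s: %s\n' "$root" "$(uroan_status "$root")"; done
[ -z "${demo:-}" ] || rm -rf "$demo"
```

An "unknown" result means the directory exists but no version header could be read, which is worth inspecting by hand rather than treating as safe.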
Upgrade to the latest patched version of the Uroan Core plugin as soon as it is released. Disable the plugin as a temporary workaround until the patch is applied.
Active exploitation is not currently confirmed, but the vulnerability's severity and nature suggest it is likely to be targeted.
Check the TeconceTheme website and WordPress plugin repository for updates and advisories related to CVE-2025-69365.