Platform
wordpress
Component
pixel-formbuilder
Fixed in
1.0.3
CVE-2025-31914 is a SQL injection vulnerability, rated critical, in the Pixel WordPress Form Builder Plugin & Autoresponder WordPress plugin. The flaw permits blind SQL injection, which can give an attacker unauthorized read access to the site's database and, depending on the injected statement, the ability to modify data. All versions up to and including 1.0.2 are affected; version 1.0.3 contains the fix.
The vulnerability lets an attacker place their own SQL fragments into a query the plugin sends to the WordPress database. Because the injection is blind, the application does not echo query results back; the attacker instead infers data one character or one bit at a time from differences in the response (page content, HTTP status code, or response time). This makes extraction slow and noisy, but with enough requests it yields anything the database account can read, including usernames, password hashes, email addresses and stored form submissions from the WordPress tables. Whether data can also be modified or deleted depends on the privileges of the database account and on whether the injection point allows a write statement; if it does, site functionality could be disrupted or data lost. The impact is most severe on sites that collect sensitive personal information through their forms.
CVE-2025-31914 was publicly disclosed on 2025-05-23. Its severity is high because of the potential for data exfiltration and modification. No public proof-of-concept (PoC) code had been identified at the time of writing, but blind SQL injection is a well-understood technique with widely available automation, so exploitation is feasible with moderate effort. It is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Websites running the Pixel WordPress Form Builder Plugin & Autoresponder are at risk, particularly those whose forms collect personal or payment data, such as e-commerce sites and membership platforms. Shared hosting environments carry additional risk when several sites share one database server or, worse, one database account: a compromise of one site can then expose the others' data.
• wordpress (filesystem):
ls -d /var/www/html/wp-content/plugins/pixel-formbuilder
• wordpress (WP-CLI):
wp plugin list --fields=name,version,status | grep pixel-formbuilder
• wordpress (remote, if the plugin's readme.txt is web-accessible):
curl -s https://your-wordpress-site.com/wp-content/plugins/pixel-formbuilder/readme.txt | grep -i "stable tag"
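To turn the three checks above into one repeatable test, here is an added example (not part of this advisory and not the plugin's own code) that locates the plugin in a WordPress plugins directory, reads the Version: line from its plugin header comment, and compares it against the fixed release 1.0.3. The plugins path and the sample header below are constructed for illustration.

```python
"""Added example, not part of the advisory: locate pixel-formbuilder in a
WordPress plugins directory and decide whether the installed version is
below the fixed release 1.0.3."""
import os
import re
from typing import Optional, Tuple

PLUGIN_SLUG = "pixel-formbuilder"
FIXED_VERSION = "1.0.3"

# WordPress plugin headers are a comment block at the top of the main PHP
# file; the "Version:" line is what `wp plugin list` reports.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.0.2' -> (1, 0, 2). Trailing labels such as '1.0.2-beta' are dropped
    so the comparison stays purely numeric."""
    parts = []
    for piece in re.split(r"[.\-]", v.strip()):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts) or (0,)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the first fixed one."""
    return parse_version(installed) < parse_version(fixed)


def version_from_header(php_source: str) -> Optional[str]:
    """Extract the Version: value from a WordPress plugin header comment."""
    m = HEADER_RE.search(php_source)
    return m.group(1) if m else None


def find_plugin_version(plugins_dir: str, slug: str = PLUGIN_SLUG) -> Optional[str]:
    """Return the version declared by <plugins_dir>/<slug>/*.php, or None if
    the plugin is not installed or no header is found."""
    plugin_dir = os.path.join(plugins_dir, slug)
    if not os.path.isdir(plugin_dir):
        return None
    for name in sorted(os.listdir(plugin_dir)):
        if not name.endswith(".php"):
            continue
        with open(os.path.join(plugin_dir, name), encoding="utf-8", errors="replace") as fh:
            version = version_from_header(fh.read(8192))  # header sits in the first few KB
        if version:
            return version
    return None


def assess(plugins_dir: str) -> str:
    """One-line verdict for a site: not installed, VULNERABLE, or patched."""
    version = find_plugin_version(plugins_dir)
    if version is None:
        return f"{PLUGIN_SLUG}: not installed (or no plugin header found)"
    state = "VULNERABLE" if is_vulnerable(version) else "patched"
    return f"{PLUGIN_SLUG} {version}: {state} (fixed in {FIXED_VERSION})"


# Constructed sample header, shaped like a real WordPress plugin file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Pixel WordPress Form Builder Plugin & Autoresponder
 * Version: 1.0.2
 */
"""

if __name__ == "__main__":
    # The plugins path is an assumption; adjust it to the site's document root.
    print(assess("/var/www/html/wp-content/plugins"))
```

Run it on each web server that hosts the site; a result of "VULNERABLE" means the plugin header reports a version older than 1.0.3. Versions with a suffix such as 1.0.2-beta are compared by their numeric part only, so a pre-release of 1.0.3 would be reported as patched; treat that case manually.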
Exploit status
EPSS
0.23% (46th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-31914 is to upgrade the Pixel WordPress Form Builder Plugin & Autoresponder to version 1.0.3 or later without delay. If the upgrade must wait for compatibility testing, deploy a Web Application Firewall (WAF) rule that blocks common SQL injection patterns (quote and comment characters, UNION, SELECT, SLEEP and BENCHMARK keywords) in requests to the plugin's form endpoints, keeping in mind that WAF signatures can be bypassed and are a stopgap, not a fix. Monitor web server and database logs for bursts of near-identical requests that differ in a single parameter, for SQL error messages, and for unusually slow queries, all of which are typical of blind injection. Longer term, make sure every database query is built with parameterized statements ($wpdb->prepare() in WordPress) rather than string concatenation of user input.
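The following is an added example, not the plugin's code and not part of this page, that shows in one runnable script the two points made above: how a blind (boolean-based) SQL injection recovers data character by character from nothing but yes/no responses, and how binding the input as a parameter (the $wpdb->prepare() pattern in WordPress) removes the problem. It uses an in-memory SQLite table standing in for WordPress's wp_users; the handler, the row it contains and the payload are constructed for illustration, and SQLite's SUBSTR plays the role of MySQL's SUBSTRING.

```python
"""Added example, not the plugin's or the advisory's code: a boolean-based
blind SQL injection against a constructed SQLite table, and the bound
parameter that defeats it."""
import sqlite3
import string
from typing import Callable, Tuple

# Constructed stand-in for WordPress's wp_users table (SQLite, not MySQL).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE wp_users (id INTEGER, user_login TEXT, user_email TEXT)")
conn.execute("INSERT INTO wp_users VALUES (1, 'admin', 'admin@example.test')")


def vulnerable_lookup(record_id: str) -> bool:
    """Hypothetical handler that splices untrusted input into the SQL text.
    The caller learns only whether a row matched: a blind oracle."""
    sql = f"SELECT id FROM wp_users WHERE id = {record_id}"
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # errors are swallowed, so nothing is echoed back


def safe_lookup(record_id: str) -> bool:
    """Same query with a bound parameter: the input is a value, never SQL.
    A payload string simply fails to equal any integer id."""
    row = conn.execute("SELECT id FROM wp_users WHERE id = ?", (record_id,)).fetchone()
    return row is not None


CHARSET = string.ascii_letters + string.digits + "_@.-"


def extract(oracle: Callable[[str], bool], column: str, max_len: int = 32) -> Tuple[str, int]:
    """Recover wp_users.<column> for id = 1 one character at a time using only
    the oracle's true/false answers. Returns (recovered_value, queries_sent)."""
    recovered, queries = "", 0
    for pos in range(1, max_len + 1):
        hit = None
        for ch in CHARSET:
            queries += 1
            # The injected condition holds only when the character at `pos` is `ch`.
            payload = f"1 AND SUBSTR((SELECT {column} FROM wp_users WHERE id = 1), {pos}, 1) = '{ch}'"
            if oracle(payload):
                hit = ch
                break
        if hit is None:
            break  # nothing matched: end of string (or a char outside CHARSET)
        recovered += hit
    return recovered, queries


if __name__ == "__main__":
    login, n = extract(vulnerable_lookup, "user_login")
    print(f"vulnerable handler leaked {login!r} using {n} requests")
    login, n = extract(safe_lookup, "user_login")
    print(f"parameterized handler leaked {login!r} using {n} requests")
```

Recovering the five-character login costs over a hundred requests with this naive linear search (a real attacker would binary-search on character codes instead), which is why blind injection shows up in logs as a burst of near-identical requests differing in one parameter. Against the parameterized handler the same loop recovers nothing, because the whole payload is compared as a literal value rather than parsed as SQL.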
Update to version 1.0.3, or a newer patched version
CVE-2025-31914 is a critical SQL injection vulnerability in the Pixel WordPress Form Builder Plugin & Autoresponder that allows attackers to extract data from the site's database.
You are affected if you run Pixel WordPress Form Builder Plugin & Autoresponder in any version up to and including 1.0.2. Upgrade to 1.0.3 or later to resolve the vulnerability.
Upgrade the Pixel WordPress Form Builder Plugin & Autoresponder to version 1.0.3 or later. As an interim measure, add a WAF rule that filters SQL injection attempts against the plugin's endpoints.
While no active exploitation has been publicly confirmed, the vulnerability's nature makes it a potential target, and proactive mitigation is recommended.
Refer to the Pixel WordPress Form BuilderPlugin & Autoresponder website or WordPress plugin repository for the official advisory and update information.