What is CVE-2025-32636 — SQL Injection in Local Magic WordPress Plugin?

CVE-2025-32636 is a critical SQL Injection vulnerability affecting Local Magic versions 0.0.0 through 2.9.0, allowing attackers to inject malicious SQL code and potentially gain unauthorized database access.

Am I affected by CVE-2025-32636 in Local Magic WordPress Plugin?

You are affected if you are using Local Magic versions 0.0.0 to 2.9.0. Immediately check your plugin version and upgrade if necessary.

How do I fix CVE-2025-32636 in Local Magic WordPress Plugin?

Upgrade Local Magic to version 2.9.1 or later. Consider implementing a WAF rule as an interim measure if immediate upgrading is not possible.

Is CVE-2025-32636 being actively exploited?

While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a medium probability of exploitation. Monitor security advisories for updates.

Where can I find the official Local Magic advisory for CVE-2025-32636?

Refer to the Local Magic plugin website and WordPress.org plugin repository for the official advisory and update information.

CVE-2025-32636 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-32636 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• wordpress / composer / npm:

grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/local-magic/

• generic web:

curl -I 'http://your-wordpress-site.com/wp-admin/admin.php?page=local-magic&action=some_vulnerable_function' | grep 'SQL injection attempt'

• wordpress / composer / npm:

wp plugin list --status=inactive | grep local-magic

WordPress Local Magic plugin <= 2.9.0 - SQL Injection vulnerability

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-32636 — SQL Injection in Local Magic WordPress Plugin?

Am I affected by CVE-2025-32636 in Local Magic WordPress Plugin?

How do I fix CVE-2025-32636 in Local Magic WordPress Plugin?

Is CVE-2025-32636 being actively exploited?

Where can I find the official Local Magic advisory for CVE-2025-32636?

Informações do pacote

Seu projeto está afetado?

Detecte esta CVE no seu projeto