Platform
wordpress
Component
majestic-support
Fixed in
1.1.1
CVE-2025-48283 describes a SQL Injection vulnerability discovered in Majestic Support, a WordPress plugin. This flaw allows attackers to inject arbitrary SQL code, potentially granting them unauthorized access to sensitive data stored within the database. The vulnerability impacts versions 0.0 through 1.1.0 of the plugin and has been resolved in version 1.1.1.
Successful exploitation of this SQL Injection vulnerability could allow an attacker to bypass authentication and to read, modify, or delete data in the WordPress database, including user credentials, sensitive configuration values, and potentially the entire site content. Depending on the database configuration and the privileges of the database account, an attacker might also be able to execute commands on the underlying server, leading to complete system compromise. The potential blast radius is significant, since a successful attack could expose the entire WordPress installation and its associated data.
CVE-2025-48283 was publicly disclosed on 2025-05-23. The vulnerability's severity is high due to the potential for significant data compromise and system takeover. No public proof-of-concept (PoC) code has been released at the time of this writing, but the SQL Injection nature of the vulnerability makes it likely that a PoC will emerge. It is not currently listed on the CISA KEV catalog.
WordPress websites utilizing the Majestic Support plugin, particularly those running versions 0.0 through 1.1.0, are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/majestic-support/
• generic web:
curl -I "https://your-wordpress-site.com/wp-admin/admin.php?page=majestic-support&action=some_action" | grep SQL
Exploit status
EPSS
0.23% (46th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-48283 is to upgrade Majestic Support to version 1.1.1 or later immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, consider a Web Application Firewall (WAF) rule that filters likely SQL injection attempts: look for SQL keywords (SELECT, INSERT, UPDATE, DELETE) and special characters (';', '--') in request parameters sent to the plugin's endpoints. Keyword filtering is a stopgap that can be evaded, so treat it as a bridge to the upgrade rather than a fix. Review any custom SQL queries in the plugin and ensure that every value derived from a request is validated and bound through a parameterised query rather than concatenated into the statement. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection attack through the affected endpoint and verifying that it is properly blocked.
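The following is an added example, not code from the Majestic Support plugin or from this advisory, showing the input validation and parameterised-query pattern the mitigation refers to, written the way a WordPress plugin would do it with the core `$wpdb` API. The table name (`ms_tickets`), column names, function names and the `ticket_id` request parameter are hypothetical; the example assumes it runs inside WordPress, where the global `$wpdb` object and the helpers `absint()`, `sanitize_text_field()` and `current_user_can()` are available.

```php
<?php
/**
 * Added example (not the plugin's own code): a hypothetical ticket lookup
 * shown first in the unsafe form, then in the hardened form.
 * Assumes a WordPress runtime; table/column/parameter names are illustrative.
 */

// UNSAFE PATTERN: the request value is interpolated straight into the SQL
// string, so whatever arrives in ticket_id becomes part of the statement.
function ms_example_get_ticket_unsafe() {
    global $wpdb;
    $id  = $_GET['ticket_id'];                                   // untrusted input
    $sql = "SELECT * FROM {$wpdb->prefix}ms_tickets WHERE id = $id";
    return $wpdb->get_row( $sql );
}

// HARDENED: check authorisation, coerce the value to the expected type,
// and let $wpdb->prepare() bind it with a typed placeholder (%d).
function ms_example_get_ticket_safe() {
    global $wpdb;

    // Only users with the (hypothetical) capability may query tickets.
    if ( ! current_user_can( 'manage_options' ) ) {
        return null;
    }

    // absint() yields a non-negative integer; anything else becomes 0.
    $id = isset( $_GET['ticket_id'] ) ? absint( $_GET['ticket_id'] ) : 0;
    if ( 0 === $id ) {
        return null;
    }

    // Table names cannot be bound, so the prefix is a literal; the value is bound.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}ms_tickets WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}

// Free-text search: strings are bound with %s, and the LIKE wildcard
// characters in the user's term are escaped separately with esc_like().
function ms_example_search_tickets_safe( $term ) {
    global $wpdb;

    $term = sanitize_text_field( (string) $term );
    if ( '' === $term ) {
        return array();
    }

    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id, subject FROM {$wpdb->prefix}ms_tickets
         WHERE subject LIKE %s ORDER BY id DESC LIMIT %d",
        $like,
        50
    );
    return $wpdb->get_results( $sql );
}
```

When auditing a plugin for this class of bug, the question to ask of every `$wpdb->query()`, `get_row()`, `get_results()` and `get_var()` call is whether its SQL string was produced by `$wpdb->prepare()` with all request-derived values passed as placeholder arguments; a `SELECT` that interpolates a `$_GET`, `$_POST` or `$_REQUEST` value directly, as in the unsafe function above, is the pattern to fix.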
Update the Majestic Support plugin to the latest available version to mitigate the SQL injection vulnerability. Check for plugin updates in the WordPress admin dashboard or in the official WordPress.org repository.
CVE-2025-48283 is a critical SQL Injection vulnerability affecting Majestic Support WordPress plugin versions 0.0 through 1.1.0, allowing attackers to inject malicious SQL code.
If you are using Majestic Support version 0.0 to 1.1.0 on your WordPress site, you are potentially affected and should upgrade immediately.
Upgrade Majestic Support to version 1.1.1 or later to resolve the SQL Injection vulnerability. Consider WAF rules as a temporary mitigation if upgrading is not immediately possible.
While no active exploitation has been confirmed, the SQL Injection nature of the vulnerability makes it a likely target for attackers.
Refer to the Majestic Support website or WordPress plugin repository for the official advisory and update information.