Platform
wordpress
Component
office-locator
Fixed version
1.3.1
CVE-2025-32665 describes a SQL Injection vulnerability discovered in WebbyTemplate Office Locator. This flaw allows attackers to inject malicious SQL code, potentially compromising sensitive data and system integrity. The vulnerability impacts versions from 0.0.0 up to and including 1.3.0. A patch is available in version 1.3.1.
Successful exploitation of this SQL Injection vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the underlying database. This could lead to the exfiltration of sensitive information, including user credentials, personal data, and potentially even administrative access. Depending on the database schema and permissions, an attacker might also be able to modify or delete data, leading to denial of service or further compromise. The blast radius extends to any data stored within the Office Locator database, making it a high-priority concern.
CVE-2025-32665 was publicly disclosed on 2025-04-17. As of this date, no public proof-of-concept exploits have been identified. The vulnerability's criticality (CVSS 9.3) suggests a high probability of exploitation if left unpatched. It is not currently listed on CISA KEV.
Websites utilizing the WebbyTemplate Office Locator plugin, particularly those with sensitive data stored within the plugin's database, are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/office-locator/
• generic web:
curl -I 'http://your-website.com/office-locator/?q=' # confirms the plugin endpoint responds; a header request does not test for injection
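A more direct check than the grep above is to read the installed plugin's header version and compare it with the fixed release. The script below is an added example, not code from the advisory or from the Office Locator plugin; it assumes the plugin path used in the grep command and the 1.3.1 fix version stated on this page, and the sample header it carries is constructed for the self-test.

```python
import re
from pathlib import Path

# Versions below this are in the advisory's affected range (0.0.0 through 1.3.0).
FIXED_VERSION = "1.3.1"
# Plugin path assumed from the advisory's grep command above.
PLUGIN_DIR = Path("/var/www/html/wp-content/plugins/office-locator")
# WordPress reads plugin metadata from a comment header in the main plugin file.
NAME_RE = re.compile(r"^\s*\*?\s*Plugin Name:", re.MULTILINE)
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)

# Constructed sample header, used only for the self-test.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Office Locator
 * Version: 1.3.0
 */
"""

def parse_version(version: str) -> tuple:
    """Turn '1.3' or '1.3.0' into a comparable numeric tuple."""
    parts = []
    for piece in re.split(r"[.\-+]", version.strip()):
        m = re.match(r"\d+", piece)
        if m is None:
            break  # stop at the first non-numeric piece
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])

def plugin_version_from_source(source: str):
    """Version: value from a plugin header, or None if this is not the main plugin file."""
    if not NAME_RE.search(source):
        return None
    m = VERSION_RE.search(source)
    return m.group(1) if m else None

def is_vulnerable(version: str) -> bool:
    """True when the installed version is below the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def check_plugin_dir(plugin_dir: Path = PLUGIN_DIR):
    """Find the main plugin file and report (version, vulnerable), or (None, None)."""
    for php in sorted(plugin_dir.glob("*.php")):
        version = plugin_version_from_source(php.read_text(errors="ignore"))
        if version:
            return version, is_vulnerable(version)
    return None, None
```

Run check_plugin_dir() on the web host; a result of (version, True) means the installed copy falls inside the affected range, while (None, None) means no plugin header was found under that path.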
Exploitation status
EPSS
0.23% (46th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-32665 is to immediately upgrade WebbyTemplate Office Locator to version 1.3.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to filter out potentially malicious SQL injection attempts. Input validation and sanitization on all user-supplied data are also crucial preventative measures. Regularly review database access permissions to limit the potential impact of a successful attack.
Update the Office Locator plugin to the latest available version to mitigate the SQL injection vulnerability. Check for available updates in the WordPress plugin repository or on the developer's website. Implement additional security measures, such as validation and sanitization of user input, to prevent future vulnerabilities.
CVE-2025-32665 is a critical SQL Injection vulnerability affecting WebbyTemplate Office Locator versions 0.0.0 through 1.3.0, allowing attackers to inject malicious SQL code.
If you are using WebbyTemplate Office Locator versions 0.0.0 to 1.3.0, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade WebbyTemplate Office Locator to version 1.3.1 or later to resolve this SQL Injection vulnerability. Consider WAF rules as an interim measure.
As of 2025-04-17, no active exploitation has been confirmed, but the high CVSS score indicates a potential for exploitation.
Refer to the WebbyTemplate website or plugin repository for the official advisory and release notes regarding this vulnerability.