CVE-2025-2890 – TagDiv Opt-In Builder WordPress SQL Injection

April 30, 2025

CVE ID : CVE-2025-2890

Published : April 30, 2025, 9:15 a.m. | 3 hours, 39 minutes ago

Description : The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4124 – Delta Electronics ISPSoft Out-Of-Bounds Write Vulnerability

Next Article Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User

Highlights

CVE-2025-27566 – a-blog CMS Path Traversal Vulnerability

May 19, 2025

CVE ID : CVE-2025-27566

Published : May 19, 2025, 9:15 a.m. | 2 hours, 1 minute ago

Description : Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.

Severity: 3.8 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Error’d: Monkey Business

Not just YouTube: Google is using AI to guess your age based on your activity – everywhere

Malicious extensions can use ChatGPT to steal your personal data – here’s how

What Zuckerberg’s ‘personal superintelligence’ sales pitch leaves out

Write Faster With WordPress’ Shortcodes

Write Faster With WordPress’ Shortcodes

Build, Run, and Integrate Your Own LLM with Ollama

How to install IoT platform — Total.js

When Flatpak’s Sandbox Cracks: Real‑Life Security Issues Beyond the Ideal

When Flatpak’s Sandbox Cracks: Real‑Life Security Issues Beyond the Ideal

mpd-mpris – MPRIS protocol for MPD

Rilasciata 4MLinux 49: Distribuzione GNU/Linux Leggera e Versatile

CVE-2025-2890 – TagDiv Opt-In Builder WordPress SQL Injection

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

CVE-2025-37817 – Linux kernel Double Free in Chameleon Driver

Laravel Inertia Roles & Permissions: Breeze/Jetstream Examples

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa

These stackable toolkits have a compact design that looks great in my workshop

CVE-2025-27566 – a-blog CMS Path Traversal Vulnerability

CVE-2025-6110 – Tenda FH1201 Stack-Based Buffer Overflow Vulnerability

JSON module scripts are now Baseline Newly available

CVE-2025-52046 – Totolink A3300R Command Injection Vulnerability

CVE-2025-2890 – TagDiv Opt-In Builder WordPress SQL Injection

Related Posts