CVE-2025-2011 – WordPress Slider & Popup Builder by Depicter SQL Injection Vulnerability

May 6, 2025

CVE ID : CVE-2025-2011

Published : May 6, 2025, 10:15 a.m. | 1 hour, 37 minutes ago

Description : The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s’ parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3782 – Cision Block Stored Cross-Site Scripting Vulnerability

Next Article VS meldt actief misbruik van beveiligingslek in AI-software Langflow

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Xbox handheld leaks in new “Project Kennan” photos from the FCC — plus an ASUS ROG Ally 2 prototype with early specs

OpenAI plays into Elon Musk’s hands, ditching for-profit plan — but Sam Altman doesn’t have Microsoft’s blessing yet

“Are we all doomed?” — Fiverr CEO Micha Kaufman warns that AI is coming for all of our jobs, just as Bill Gates predicted

I went hands-on with dozens of indie games at Gamescom Latam last week — You need to wishlist these 7 titles right now

Mastering Node.js Streams: The Ultimate Guide to Memory-Efficient File Processing

Mastering Node.js Streams: The Ultimate Guide to Memory-Efficient File Processing

Sitecore PowerShell commands – XM Cloud Content Migration

Our Partner Adobe Recognized Again as a DXP Leader

Xbox handheld leaks in new “Project Kennan” photos from the FCC — plus an ASUS ROG Ally 2 prototype with early specs

Xbox handheld leaks in new “Project Kennan” photos from the FCC — plus an ASUS ROG Ally 2 prototype with early specs

OpenAI plays into Elon Musk’s hands, ditching for-profit plan — but Sam Altman doesn’t have Microsoft’s blessing yet

“Are we all doomed?” — Fiverr CEO Micha Kaufman warns that AI is coming for all of our jobs, just as Bill Gates predicted

CVE-2025-2011 – WordPress Slider & Popup Builder by Depicter SQL Injection Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

AI agent deployments will grow 327% during the next two years. Here’s what to do now

NanoNets AI Solution Transfers Delivery Information to Jamix

Worlds Collide: Keyframe Collision Detection Using Style Queries

Why Synology’s new NAS drive support policy isn’t as bad as I first thought

CVE-2023-4377 – Apache Struts Remote Code Execution Vulnerability

Search enterprise data assets using LLMs backed by knowledge graphs

One of the best cheap earbuds I’ve tested isn’t made by Soundcore or Earfun (and it’s on sale)

Updating the Frontier Safety Framework

CVE-2025-2011 – WordPress Slider & Popup Builder by Depicter SQL Injection Vulnerability

Related Posts