CVE-2025-28983 – Click & Pledge Connect SQL Injection Privilege Escalation

July 4, 2025

CVE ID : CVE-2025-28983

Published : July 4, 2025, 12:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32297 – Quantumcloud Simple Link Directory SQL Injection

Next Article CVE-2025-30933 – LiquidThemes LogisticsHub Unrestricted File Upload Vulnerability

Highlights

CVE-2025-47780 – Asterisk CLI Permissions Bypass Vulnerability

May 22, 2025

CVE ID : CVE-2025-47780

Published : May 22, 2025, 5:15 p.m. | 1 hour, 36 minutes ago

Description : Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

Laravel in the First Half of 2025

Laravel in the First Half of 2025

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

GOnnect – easy to use VoIP client

GOnnect – easy to use VoIP client

Gnuinos – spin of Devuan Linux

5 Best Free and Open Source Backend Electronic Circuit Simulators

CVE-2025-28983 – Click & Pledge Connect SQL Injection Privilege Escalation

CVE-2025-23970 – Aonetheme Service Finder Booking Privilege Escalation

CVE-2025-24780 – Printcart Web to Print Product Designer for WooCommerce SQL Injection

Laravel Wayfinder Public Beta

CVE-2025-4899 – Campcodes Sales and Inventory System SQL Injection Vulnerability

Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2)

CVE-2025-3890 – WordPress Simple Shopping Cart Stored Cross-Site Scripting

CVE-2025-47780 – Asterisk CLI Permissions Bypass Vulnerability

Documentation done right: A developer’s guide

CVE-2025-48959 – Acronis Cyber Protect Cloud Agent Local Privilege Escalation

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

CVE-2025-28983 – Click & Pledge Connect SQL Injection Privilege Escalation

Related Posts