{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1321", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-14T23:24:24.656Z", "datePublished": "2025-03-04T03:37:59.795Z", "dateUpdated": "2026-04-08T17:23:25.384Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:23:25.384Z"}, "affected": [{"vendor": "winkm89", "product": "teachPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "9.0.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "title": "teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb453fe3-ba89-437c-b3fb-9ec207eaa9f0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3246754%40teachpress&new=3246754%40teachpress&sfp_email=&sfph_mail=#file6"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "timeline": [{"time": "2025-03-03T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T15:34:28.287806Z", "id": "CVE-2025-1321", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:34:36.309Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1321", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T15:34:28.287806Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:34:31.917Z"}}], "cna": {"title": "teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection", "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "winkm89", "product": "teachPress", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "9.0.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-03T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb453fe3-ba89-437c-b3fb-9ec207eaa9f0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3246754%40teachpress&new=3246754%40teachpress&sfp_email=&sfph_mail=#file6"}], "descriptions": [{"lang": "en", "value": "The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-04T03:37:59.795Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1321", "state": "PUBLISHED", "dateUpdated": "2025-03-04T15:34:36.309Z", "dateReserved": "2025-02-14T23:24:24.656Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-04T03:37:59.795Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "id": "CVE-2025-1321", "lastModified": "2025-03-04T04:15:11.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-03-04T04:15:11.547", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3246754%40teachpress&new=3246754%40teachpress&sfp_email=&sfph_mail=#file6"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb453fe3-ba89-437c-b3fb-9ec207eaa9f0?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:43:00.221042+00:00", "value": {"mitigation_remediation": ["Upgrade teachPress to the latest release (\u22659.0.8) which removes the unsafe query.", "Revoke or downgrade Contributor accounts that do not need to use the tpsearch shortcode, limiting the exploitation scope.", "Configure the plugin or WordPress to disable the tpsearch shortcode for all users, for example by editing the plugin settings to restrict shortcode usage or by removing the shortcode from the theme.", "Deploy a web application firewall that blocks suspicious ORDER BY injection patterns to detect and block attempts."], "summary": {"action": "Apply Patch", "impact": "Data Exposure via SQL Injection"}, "threat_synthesis": {"affected_systems": "WordPress installations that include the teachPress plugin version 9.0.7 or older, distributed by winkm89. Only users with Contributor or higher privileges can exploit the flaw, so the threat surface is limited to sites with such accounts.", "description_and_impact": "The teachPress plugin for WordPress contains an SQL Injection vulnerability in the order parameter of the tpsearch shortcode in all releases up to 9.0.7. The flaw is caused by insufficient escaping of user input and a lack of prepared statements. An attacker who has logged on with Contributor level or higher can append rogue SQL statements to the constructed query and extract arbitrary data stored in the database.", "risk_and_exploitability": "The CVSS score of 6.5 classifies the issue as medium severity, and an EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Because an active, authenticated account is required, the typical attack vector is via legitimate login credentials \u2013 users who already have Contributor access can use the shortcode to inject statements and leak data. The overall risk remains moderate, but any exposed sensitive data could be significant for the site owner."}}}}, "created": "2025-07-12T16:01:17.171858+00:00", "updated": "2026-04-20T23:45:21.608945+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}