{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2511", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-18T22:10:43.818Z", "datePublished": "2025-03-19T11:10:38.782Z", "dateUpdated": "2026-04-08T17:24:16.358Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:16.358Z"}, "affected": [{"vendor": "mitchelllevy", "product": "AHAthat Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "title": "AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cde440a2-55f8-406a-b81b-919028f0e887?source=cve"}, {"url": "https://wordpress.org/plugins/ahathat/#developers"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "R\u00e9gis SENET"}], "timeline": [{"time": "2025-03-18T22:18:46.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-19T13:31:31.777096Z", "id": "CVE-2025-2511", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-19T13:31:42.543Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2511", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-19T13:31:31.777096Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-19T13:31:38.016Z"}}], "cna": {"title": "AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter", "credits": [{"lang": "en", "type": "finder", "value": "R\u00e9gis SENET"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "mitchelllevy", "product": "AHAthat Plugin", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-18T22:18:46.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cde440a2-55f8-406a-b81b-919028f0e887?source=cve"}, {"url": "https://wordpress.org/plugins/ahathat/#developers"}], "descriptions": [{"lang": "en", "value": "The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-19T11:10:38.782Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2511", "state": "PUBLISHED", "dateUpdated": "2025-03-19T13:31:42.543Z", "dateReserved": "2025-03-18T22:10:43.818Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-19T11:10:38.782Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El complemento AHAthat Plugin para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo mediante el par\u00e1metro 'id' en todas las versiones hasta la 1.6 incluida, debido a un escape insuficiente del par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n de la consulta SQL existente. Esto permite a atacantes autenticados, con acceso de administrador o superior, a\u00f1adir consultas SQL adicionales a las consultas existentes, que pueden utilizarse para extraer informaci\u00f3n confidencial de la base de datos."}], "id": "CVE-2025-2511", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-19T12:15:14.313", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/ahathat/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cde440a2-55f8-406a-b81b-919028f0e887?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:32:16.431381+00:00", "value": {"mitigation_remediation": ["Upgrade the AHAthat Plugin to the latest available version, which removes the vulnerable code.", "If an upgrade is not possible, remove or disable the functionality that exposes the 'id' parameter until a patch is applied.", "Apply proper input validation for the 'id' parameter and ensure that all database queries use parameterized statements. Consider configuring a web\u2011application firewall to block SQL injection patterns."], "summary": {"action": "Patch", "impact": "Database data exfiltration"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the plug\u2011in \"AHAthat Plugin\" developed by Mitchell Levy. All releases with a version number of 1.6 or earlier are impacted; newer versions released after 1.6 are not known to contain this issue.", "description_and_impact": "The AHAthat Plugin for WordPress, versions up to 1.6, is vulnerable to a time\u2011based SQL injection through the 'id' parameter because user input is insufficiently escaped and the query is not properly prepared. The flaw permits an attacker who has Administrator\u2011level or higher credentials to append arbitrary SQL statements to the existing query, enabling extraction of sensitive data from the database. This is a classic SQL injection flaw, identified as CWE\u201189.", "risk_and_exploitability": "The CVSS score of 4.9 indicates a moderate risk, and the EPSS score of less than 1% suggests that exploitation is unlikely at present. Because the flaw requires administrative access, it does not pose an immediate threat to public users, and it is not listed in CISA\u2019s KEV catalog. However, an attacker who compromises an administrative account could run additional queries to read or delete data, making the impact potentially significant for the affected site. The attack vector is likely via normal use of the WordPress admin area where the 'id' parameter can be supplied."}}}}, "created": "2026-04-20T23:45:21.600873+00:00", "updated": "2026-04-20T23:45:21.600890+00:00", "vendors": []}