{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2890", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-27T21:48:50.059Z", "datePublished": "2025-04-30T08:21:59.678Z", "dateUpdated": "2026-04-08T17:35:26.345Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:35:26.345Z"}, "affected": [{"vendor": "TagDiv", "product": "tagDiv Opt-In Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018subscriptionCouponId\u2019 parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "title": "tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fff1cff1-6745-4124-ba93-8b0749eae61a?source=cve"}, {"url": "https://tagdiv.com/newspaper-changelog/"}, {"url": "https://themeforest.net/item/newspaper/5489609"}, {"url": "https://tagdiv.com/tagdiv-opt-in-builder/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Truoc Phan"}], "timeline": [{"time": "2025-04-29T19:47:32.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T16:27:11.565774Z", "id": "CVE-2025-2890", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T16:28:15.786Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2890", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-30T16:27:11.565774Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T16:28:10.880Z"}}], "cna": {"title": "tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Truoc Phan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "TagDiv", "product": "tagDiv Opt-In Builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-29T19:47:32.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fff1cff1-6745-4124-ba93-8b0749eae61a?source=cve"}, {"url": "https://tagdiv.com/newspaper-changelog/"}, {"url": "https://themeforest.net/item/newspaper/5489609"}, {"url": "https://tagdiv.com/tagdiv-opt-in-builder/"}], "descriptions": [{"lang": "en", "value": "The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018subscriptionCouponId\u2019 parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:35:26.345Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2890", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:35:26.345Z", "dateReserved": "2025-03-27T21:48:50.059Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-30T08:21:59.678Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018subscriptionCouponId\u2019 parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El complemento tagDiv Opt-In Builder para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo mediante el par\u00e1metro 'subscriptionCouponId' en todas las versiones hasta la 1.7 incluida, debido a un escape insuficiente del par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n de la consulta SQL existente. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, a\u00f1adir consultas SQL adicionales a consultas ya existentes que pueden utilizarse para extraer informaci\u00f3n confidencial de la base de datos."}], "id": "CVE-2025-2890", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-30T09:15:14.503", "references": [{"source": "security@wordfence.com", "url": "https://tagdiv.com/newspaper-changelog/"}, {"source": "security@wordfence.com", "url": "https://tagdiv.com/tagdiv-opt-in-builder/"}, {"source": "security@wordfence.com", "url": "https://themeforest.net/item/newspaper/5489609"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fff1cff1-6745-4124-ba93-8b0749eae61a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:04:09.273683+00:00", "value": {"mitigation_remediation": ["Upgrade TagDiv Opt\u2011In Builder to the newest version (>=1.8) to remove the vulnerable code.", "If an upgrade is not immediately possible, restrict usage of the subscriptionCouponId parameter by disabling the coupon feature or limiting it to admin users only.", "Audit user activity logs for anomalous SQL queries or slowing responses that may indicate attempted injection, and block any suspicious patterns with a WAF or application firewall."], "summary": {"action": "Apply Patch", "impact": "Authenticated SQL injection enabling data extraction"}, "threat_synthesis": {"affected_systems": "WordPress sites that use TagDiv Opt\u2011In Builder version 1.7 or earlier, installed from TagDiv, are affected. All preceding releases up to the 1.7 release date are vulnerable.", "description_and_impact": "The plugin\u2019s subscriptionCouponId parameter is insufficiently escaped, allowing authenticated users with Subscriber-level access and higher to inject malicious SQL. This flaw is a classic SQL injection (CWE-89) that can discover sensitive data from the database.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, while the EPSS score of less than 1% shows low likelihood of exploitation. The vulnerability is not listed in CISA KEV, suggesting it is not actively exploited in the wild. Based on the description, attackers must possess authenticated subscriber or higher privileges, and the time\u2011based injection would likely require crafting a payload and observing delays to confirm success. An attacker could gain read\u2011only access to database tables via this vector."}}}}, "created": "2026-04-20T23:15:06.302394+00:00", "updated": "2026-04-20T23:15:06.302405+00:00", "vendors": []}