{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52830", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-06-19T10:03:50.593Z", "datePublished": "2025-07-04T11:17:52.757Z", "dateUpdated": "2026-04-28T16:13:20.167Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "bsecure", "product": "bSecure \u2013 Your Universal Checkout", "vendor": "bSecure \u2013 Your Universal Checkout", "versions": [{"lessThanOrEqual": "1.7.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "ch4r0n | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:41:42.566Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure \u2013 Your Universal Checkout bSecure \u2013 Your Universal Checkout bsecure allows Blind SQL Injection.<p>This issue affects bSecure \u2013 Your Universal Checkout: from n/a through <= 1.7.9.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure \u2013 Your Universal Checkout bSecure \u2013 Your Universal Checkout bsecure allows Blind SQL Injection.This issue affects bSecure \u2013 Your Universal Checkout: from n/a through <= 1.7.9."}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "Blind SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:13:20.167Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/bsecure/vulnerability/wordpress-bsecure-your-universal-checkout-1-7-9-sql-injection-vulnerability?_s_id=cve"}], "title": "WordPress bSecure \u2013 Your Universal Checkout plugin <= 1.7.9 - SQL Injection Vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-07T14:05:57.224511Z", "id": "CVE-2025-52830", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T15:00:51.956Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52830", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-06-19T10:03:50.593Z", "datePublished": "2025-07-04T11:17:52.757Z", "dateUpdated": "2025-07-07T15:00:51.956Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-07-04T11:17:52.757Z"}, "title": "WordPress bSecure \u2013 Your Universal Checkout <= 1.7.9 - SQL Injection Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "CAPEC-7 Blind SQL Injection"}]}], "affected": [{"vendor": "bsecuretech", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "bsecure", "product": "bSecure &#8211; Your Universal Checkout", "versions": [{"lessThanOrEqual": "1.7.9", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure &#8211; Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure &#8211; Your Universal Checkout: from n/a through 1.7.9.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure &#8211; Your Universal Checkout allows Blind SQL Injection.</p><p>This issue affects bSecure &#8211; Your Universal Checkout: from n/a through 1.7.9.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/bsecure/vulnerability/wordpress-bsecure-your-universal-checkout-1-7-9-sql-injection-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "baseSeverity": "CRITICAL", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "version": "3.1"}}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "ch4r0n (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52830", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-07T14:05:57.224511Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T14:05:58.311Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure \u2013 Your Universal Checkout bSecure \u2013 Your Universal Checkout bsecure allows Blind SQL Injection.This issue affects bSecure \u2013 Your Universal Checkout: from n/a through <= 1.7.9."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en bsecuretech bSecure \u2013 Your Universal Checkout permite la inyecci\u00f3n SQL ciega. Este problema afecta a bSecure - Your Universal Checkout: desde n/d hasta la versi\u00f3n 1.7.9."}], "id": "CVE-2025-52830", "lastModified": "2026-04-28T19:33:29.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-07-04T12:15:34.633", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/bsecure/vulnerability/wordpress-bsecure-your-universal-checkout-1-7-9-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2025-07-13T21:47:45.404647+00:00", "updated": "2026-04-30T10:00:16.502473+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}