{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6718", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-26T13:40:59.684Z", "datePublished": "2025-07-18T05:23:57.362Z", "dateUpdated": "2026-04-08T16:51:42.471Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:42.471Z"}, "affected": [{"vendor": "b1accounting", "product": "Site.pro for WooCommerce", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2.57", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands."}], "title": "B1.lt for WooCommerce <= 2.2.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e479a3f-ef1a-4476-89e1-86d0f388f2c3?source=cve"}, {"url": "https://wordpress.org/plugins/b1-accounting/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338792%40b1-accounting&new=3338792%40b1-accounting&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3329617%40b1-accounting&new=3329617%40b1-accounting&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Aur\u00e9lien BOURDOIS"}], "timeline": [{"time": "2025-07-17T16:35:21.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-18T14:46:22.029208Z", "id": "CVE-2025-6718", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:56:18.412Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6718", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-18T14:46:22.029208Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:54:28.442Z"}}], "cna": {"title": "B1.lt for WooCommerce <= 2.2.56 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection", "credits": [{"lang": "en", "type": "finder", "value": "Aur\u00e9lien BOURDOIS"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "b1accounting", "product": "B1.lt", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.2.56"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-17T16:35:21.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e479a3f-ef1a-4476-89e1-86d0f388f2c3?source=cve"}, {"url": "https://wordpress.org/plugins/b1-accounting/"}], "descriptions": [{"lang": "en", "value": "The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-18T05:23:57.362Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6718", "state": "PUBLISHED", "dateUpdated": "2025-07-18T14:56:18.412Z", "dateReserved": "2025-06-26T13:40:59.684Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-18T05:23:57.362Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands."}, {"lang": "es", "value": "El complemento B1.lt para WordPress es vulnerable a la inyecci\u00f3n SQL debido a la falta de una comprobaci\u00f3n de capacidad en la acci\u00f3n AJAX b1_run_query en todas las versiones hasta la 2.2.56 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, ejecutar comandos SQL arbitrarios."}], "id": "CVE-2025-6718", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-18T06:15:27.453", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3329617%40b1-accounting&new=3329617%40b1-accounting&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338792%40b1-accounting&new=3338792%40b1-accounting&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/b1-accounting/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e479a3f-ef1a-4476-89e1-86d0f388f2c3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:59:10.261249+00:00", "value": {"mitigation_remediation": ["Update the B1.lt plugin to the latest released version that removes the missing capability check.", "If immediate update is not possible, limit access to the b1_run_query AJAX action to administrator users by adding a capability check or disabling the endpoint for lower roles.", "Verify that default Subscriber accounts cannot execute arbitrary SQL commands; review site roles and permissions and consider removing the Subscriber role from users who should not have database access."], "summary": {"action": "Update plugin", "impact": "Database compromise"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the B1.lt plugin for WordPress, integrated with WooCommerce and sold by b1accounting:Site.pro. Versions 2.2.57 and earlier are impacted. Site owners running those versions should check the installed version and plan to upgrade.", "description_and_impact": "An authenticated subscriber can trigger the b1_run_query AJAX action that lacks a proper capability check. The flaw allows the attacker to inject and execute arbitrary SQL statements. This can lead to the disclosure of sensitive data, unauthorized modification or deletion of database contents, and potentially compromise the integrity and confidentiality of the entire site.", "risk_and_exploitability": "The CVSS score of 8.8 reflects a high severity. EPSS indicates a very low current exploitation probability, and the vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires a user with at least Subscriber-level access, which is normally granted to regular customers. Once authenticated, the attacker can dispatch the vulnerable AJAX endpoint and supply malicious SQL payloads. The lack of authorization control (CWE-862) is the root cause."}}}}, "created": "2025-07-21T15:17:11.022636+00:00", "updated": "2026-04-21T04:00:10.075042+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}