{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68017", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:54.715Z", "datePublished": "2026-01-22T16:52:03.768Z", "dateUpdated": "2026-04-28T16:14:26.457Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "antideo-email-validator", "product": "Antideo Email Validator", "vendor": "Antideo", "versions": [{"changes": [{"at": "1.0.11", "status": "unaffected"}], "lessThanOrEqual": "1.0.10", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jarno Vos (jrn5151) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:21:21.140Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.<p>This issue affects Antideo Email Validator: from n/a through <= 1.0.10.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10."}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "Blind SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:26.457Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/antideo-email-validator/vulnerability/wordpress-antideo-email-validator-plugin-1-0-10-sql-injection-vulnerability?_s_id=cve"}], "title": "WordPress Antideo Email Validator plugin <= 1.0.10 - SQL Injection vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T18:27:12.027174Z", "id": "CVE-2025-68017", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T18:27:14.423Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-68017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T18:27:12.027174Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T17:13:36.352Z"}}], "cna": {"title": "WordPress Antideo Email Validator plugin <= 1.0.10 - SQL Injection vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Jarno Vos (jrn5151) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "Blind SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Antideo", "product": "Antideo Email Validator", "versions": [{"status": "affected", "changes": [{"at": "1.0.11", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.0.10"}], "packageName": "antideo-email-validator", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:21:21.140Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/antideo-email-validator/vulnerability/wordpress-antideo-email-validator-plugin-1-0-10-sql-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.<p>This issue affects Antideo Email Validator: from n/a through <= 1.0.10.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:13:55.630Z"}}}, "cveMetadata": {"cveId": "CVE-2025-68017", "state": "PUBLISHED", "dateUpdated": "2026-04-27T18:27:14.423Z", "dateReserved": "2025-12-15T10:00:54.715Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-22T16:52:03.768Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10."}, {"lang": "es", "value": "Neutralizaci\u00f3n Incorrecta de Elementos Especiales utilizados en un Comando SQL ('Inyecci\u00f3n SQL') vulnerabilidad en Antideo Antideo Email Validator antideo-email-validator permite Inyecci\u00f3n SQL Ciega. Este problema afecta a Antideo Email Validator: desde n/a hasta &lt;= 1.0.10."}], "id": "CVE-2025-68017", "lastModified": "2026-04-27T19:16:21.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-22T17:16:08.073", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/antideo-email-validator/vulnerability/wordpress-antideo-email-validator-plugin-1-0-10-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T21:23:11.773635+00:00", "value": {"mitigation_remediation": ["Upgrade Antideo Email Validator to the latest available version that addresses the SQL injection flaw.", "If an update is not available or cannot be applied immediately, safely remove or disable the plugin to eliminate the attack surface.", "Deploy a Web Application Firewall or similar input\u2011validation controls to detect and block suspicious SQL injection attempts targeting WordPress plugins."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in the Antideo Email Validator plugin for WordPress from earlier unknown versions through 1.0.10 inclusive. Users who have not applied an update beyond 1.0.10 remain affected.", "description_and_impact": "Improper neutralization of special elements was found in Antideo Email Validator, allowing attackers to carry out blind SQL injection. The flaw permits an adversary to send crafted input into the plugin\u2019s email validation routine, causing the application to embed unsanitized data into database queries. Successful exploitation can lead to unauthorized data retrieval, modification, or deletion, compromising the website\u2019s confidentiality, integrity, and availability. The weakness corresponds to CWE-89.", "risk_and_exploitability": "The CVSS score is 7.5, indicating a moderate\u2011to\u2011high severity. The EPSS score is below 1%, suggesting low but non\u2011zero probability of exploitation in the wild. The issue is not yet listed in CISA\u2019s KEV catalog. The most likely attack vector is a remote attacker submitting malicious data via the plugin\u2019s email validation form on a publicly accessible WordPress site. No specific environment or credential prerequisites are stated, so the vulnerability is presumed to be exploitable by unauthenticated users who can interact with the plugin\u2019s interface."}}}}, "created": "2026-01-23T16:31:04.823672+00:00", "updated": "2026-04-27T21:30:13.888952+00:00", "vendors": ["antideo", "antideo$PRODUCT$email_validator", "wordpress", "wordpress$PRODUCT$wordpress"]}