Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Custom Searchable Data Entry System WordPress Plugin Unauthenticated Database Wiping Vulnerability

Vulnerability

A vulnerability exists in the Custom Searchable Data Entry System plugin for WordPress, in versions through 1.7.1. The issue allows unauthenticated users to wipe database tables, including wp_users, due to a missing capability check and inadequate validation in the ghazale_sds_delete_entries_table_row() function.

Impact

Exploitation of this vulnerability allows unauthenticated users to delete entries from database tables, potentially including critical tables like wp_users.

Remediation

The plugin has been removed from the WordPress repository and is no longer available for download. Users are advised to deactivate and delete the plugin from their WordPress installation.
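To act on this remediation across one or more sites, the following added example (not part of the original advisory and not the plugin's code) scans a plugins directory for the plugin by its header name and flags versions through 1.7.1. It assumes the standard WordPress plugin header convention of "Plugin Name:" and "Version:" lines; the sample folder and file names are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "Custom Searchable Data Entry System"  # name as given in the advisory
LAST_AFFECTED = (1, 7, 1)                            # advisory: "versions through 1.7.1"
# Plugin metadata lives in "Field: value" lines of the main file's header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.I | re.M)

def parse_plugin_header(text):
    """Return the 'plugin name' and 'version' fields found in the first 8 KB."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """Turn '1.7' or '1.7.1-beta' into a 3-part tuple; missing parts count as 0."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version):
    return version_tuple(version) <= LAST_AFFECTED

def scan_plugins_dir(plugins_dir):
    """Return (path, version, affected) for each copy of the plugin found."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = parse_plugin_header(php.read_text(errors="replace"))
        if header.get("plugin name", "").lower() == PLUGIN_NAME.lower():
            version = header.get("version", "")
            hits.append((str(php), version, is_affected(version)))
    return hits

def build_sample_tree(root):
    """Constructed sample data: two fake plugin folders (folder names are made up)."""
    samples = {
        "sample-sds/sample-sds.php": "<?php\n/*\nPlugin Name: Custom Searchable Data Entry System\nVersion: 1.7.1\n*/\n",
        "other-plugin/other.php": "<?php\n/**\n * Plugin Name: Some Other Plugin\n * Version: 2.0\n */\n",
    }
    for rel, body in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_plugins_dir(tmp))
```

On a real site, pass the path of the installation's wp-content/plugins directory to scan_plugins_dir(); a header with no Version line is reported as affected.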

Added: Oct 1, 2025, 7:18 AM
Updated: Oct 1, 2025, 7:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 9.3
remediation: 8.3
relevance: 0.6
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.