ClickandPledge WordPress Plugin Privilege Escalation Vulnerability via SQL Injection

Vulnerability

A SQL injection vulnerability that allows privilege escalation has been identified in the ClickandPledge WordPress plugin, affecting versions up to and including 25.04010101-WP6.8. The flaw stems from improper neutralization of special elements used in an SQL command (SQL injection), which an attacker could exploit to escalate user privileges.

Impact

Exploitation of this vulnerability could allow a low-privileged user to gain higher privileges, potentially leading to full control of the website.

Remediation

Users of the ClickandPledge WordPress plugin are advised to update to a version beyond 25.04010101-WP6.8. For those unable to update immediately, Patchstack offers a virtual patch that blocks attacks targeting this vulnerability.

Added: Jul 4, 2025, 1:29 PM
Updated: Jul 4, 2025, 1:29 PM

Vulnerability Rating (Custom Algorithm)

  Category         Score
  spread           0.0
  impact           5.0
  exploitability   7.4
  remediation      0.0
  relevance        0.2
  threat           0.0
  urgency          2.9
  incentive        5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.