CVE-2025-13652 Scanner

The WordPress CBX Bookmark & Favorite Plugin is a recognized tool commonly used by WordPress website administrators to manage bookmarks and favorites. It is developed by Codeboxr and aims to enhance user experience by enabling easy bookmarking of pages on a WordPress site. Its primary users include bloggers, news websites, and sites with extensive user-generated content where bookmarking is beneficial. It facilitates seamless integration with WordPress ecosystems, offering flexibility and customization options to site owners. The plugin is vital for user interaction retention via bookmarks, which can be shared through social media or emails. It is an essential utility for WordPress sites focusing on personalized user experience.

The vulnerability associated with the WordPress CBX Bookmark & Favorite Plugin is a critical SQL Injection flaw. SQL Injection is a type of attack that exploits database query vulnerabilities by inserting malicious SQL code into input fields. The vulnerability arises from the improper escaping of the 'orderby' parameter, allowing potential attackers with low-level subscriber access to execute unauthorized actions on the database. If exploited successfully, this can lead to unauthorized access to sensitive data stored within the WordPress database. This attack vector poses significant risks, particularly in multi-user WordPress environments where data confidentiality is pivotal. Consequently, site administrators must address this vulnerability to maintain site security and protect user data.

From a technical standpoint, the vulnerable endpoint for this SQL Injection in the CBX Bookmark & Favorite Plugin is within an admin-ajax.php request. The vulnerability is located in the parameter 'orderby', which fails to properly escape or validate input. Attackers can manipulate this parameter to inject arbitrary SQL code, potentially allowing them to extract sensitive data or alter database contents. Specifically, the use of a subquery exploit in these parameters can delay responses, indicating successful execution. Detecting such a flaw entails capturing traffic for anomalies like unusually delayed responses upon sending crafted SQL Injection payloads. The vulnerability underscores the importance of ensuring parameterized queries and input validation in dynamic content management systems like WordPress.

Exploiting the SQL Injection vulnerability can lead to severe consequences. Attackers might extract confidential data such as user credentials, personal user data, and site configurations, which could be leveraged for further attacks. The integrity of the database might also be compromised, resulting in data being added, altered, or deleted without authorization. This could lead to data corruption or loss, potentially affecting site functionality and user trust. Furthermore, manipulated data could be used for reflecting misleading information to legitimate users or distributing malware. Overall, exploitation could significantly damage both data integrity and user confidence, emphasizing the need for immediate remediation.

REFERENCES

• https://nvd.nist.gov/vuln/detail/CVE-2025-13652
• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cbxwpbookmark/cbx-bookmark-favorite-204-authenticated-subscriber-sql-injection
• https://plugins.trac.wordpress.org/changeset/3276203/cbxwpbookmark