CVE-2025-6970 Scanner
CVE-2025-6970 Scanner - SQL Injection vulnerability in WordPress Events Manager
Short Info
- Level: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 8 days 15 hours
- Scan only one: Domain, Subdomain, IPv4
- Toolbox: -
WordPress Events Manager is a widely used plugin for WordPress sites, offering features such as calendar management, event bookings, and ticket sales. It serves website administrators and end-users who require event management capabilities on their WordPress sites. The plugin is known for its flexibility and ease of use, allowing customization to fit diverse event management needs. Users rely on it to automate events, manage attendees, and integrate with other WordPress functionalities. It is commonly used by businesses, educational institutions, and event organizers to streamline event management processes. The plugin's widespread use makes it a critical component of many WordPress sites seeking efficient event management solutions.
The vulnerability discovered in WordPress Events Manager is an SQL Injection flaw. SQL Injection vulnerabilities allow attackers to manipulate SQL queries by injecting crafted input through request parameters. This specific vulnerability is due to insufficient escaping of a user-supplied parameter and a lack of preparation on the SQL query that uses it. By exploiting it, an attacker can append additional SQL to the existing query, leading to the exposure of sensitive data. SQL Injection vulnerabilities are critical because they can allow unauthorized access to sensitive user information stored in the database, and this one can lead to significant data breaches if not adequately addressed.
The technical details show that the flaw is a time-based SQL Injection via the 'orderby' parameter. This parameter is insufficiently escaped, so attackers can supply values that alter the SQL query. The lack of preparation and validation of this input makes it possible to inject time delays into SQL queries using the SLEEP() function, and attackers can use those delays to extract database information slowly over many requests. The vulnerability is present in all versions up to 7.0.3, so users need to be vigilant about updates. The vulnerable endpoint is found within the admin-ajax.php file, which the references listed below describe as reachable without authentication, exposing the database to unauthorized manipulation.
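As an added example (not the plugin's code and not from the original page), the following Python snippet uses a constructed SQLite table to show the weak pattern the text describes beside its hardened form: an 'orderby' value spliced into the query as-is, versus an allowlist check, with value parameters bound separately. The table name, column names and sample rows are assumptions made for the example.

```python
import sqlite3


# Constructed schema and rows for the example; not the plugin's real tables.
def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (event_id INTEGER, event_name TEXT, event_start_date TEXT)"
    )
    conn.executemany(
        "INSERT INTO events VALUES (?, ?, ?)",
        [
            (1, "Workshop", "2025-03-01"),
            (2, "Conference", "2025-01-15"),
            (3, "Meetup", "2025-02-10"),
        ],
    )
    return conn


def list_events_vulnerable(conn, orderby):
    """Vulnerable pattern: the request parameter is spliced straight into
    the ORDER BY clause, so the database evaluates whatever SQL it contains."""
    sql = f"SELECT event_id FROM events ORDER BY {orderby}"
    return [row[0] for row in conn.execute(sql)]


# The fix: an allowlist of sortable columns and directions. ORDER BY targets
# are identifiers, not values, so they cannot be passed as bound parameters;
# validation against a fixed set is the only safe option.
ALLOWED_ORDERBY = {"event_id", "event_name", "event_start_date"}
ALLOWED_DIRECTION = {"ASC", "DESC"}


def list_events_hardened(conn, orderby, direction="ASC", name_filter=None):
    """Hardened version: identifiers are allowlisted, values are bound."""
    if orderby not in ALLOWED_ORDERBY:
        raise ValueError(f"orderby value not allowed: {orderby!r}")
    direction = direction.upper()
    if direction not in ALLOWED_DIRECTION:
        raise ValueError(f"sort direction not allowed: {direction!r}")
    sql = "SELECT event_id FROM events"
    params = []
    if name_filter is not None:
        # A value (not an identifier) goes through a bound parameter, never
        # through string formatting.
        sql += " WHERE event_name = ?"
        params.append(name_filter)
    sql += f" ORDER BY {orderby} {direction}"
    return [row[0] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    db = build_demo_db()
    # A legitimate sort works in both versions.
    print(list_events_vulnerable(db, "event_start_date"))        # [2, 3, 1]
    print(list_events_hardened(db, "event_start_date", "DESC"))  # [1, 3, 2]
    # A non-column expression is evaluated verbatim by the vulnerable version
    # (a harmless CASE expression stands in for attacker-chosen SQL here)...
    print(list_events_vulnerable(db, "CASE event_id WHEN 2 THEN 0 WHEN 1 THEN 1 ELSE 2 END"))  # [2, 1, 3]
    # ...and is rejected by the hardened version before any query runs.
    try:
        list_events_hardened(db, "CASE event_id WHEN 2 THEN 0 WHEN 1 THEN 1 ELSE 2 END")
    except ValueError as exc:
        print("rejected:", exc)
```

The point of the CASE expression is only to show that the vulnerable function hands arbitrary SQL grammar to the database; the hardened function never reaches the database for such input, which is the behaviour a fix for this class of bug must have regardless of the framework used.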
If exploited, this vulnerability could have severe consequences, including unauthorized data disclosure and potential data manipulation. Attackers could retrieve sensitive data such as user credentials, personal information, and other confidential details from the database. This breach of data confidentiality could lead to identity theft, unauthorized access to user accounts, and potential financial harm. Moreover, malicious manipulation of database content could disrupt the functionality of the WordPress site and related services. The exposure of vulnerability could damage user trust and affect the reputation of businesses or organizations using the plugin for critical event management operations.
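As an added detection example, not part of the original page or the scanner's own logic, the following Python script parses constructed combined-format access-log lines and flags requests to admin-ajax.php whose 'orderby' value is not a bare column identifier, separately noting values that reference a time-delay function such as SLEEP(). The client addresses, timestamps, the action parameter value and the suspicious values are all constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed combined-log-format lines. "example_action" is a placeholder,
# not the plugin's real AJAX action name.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jul/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&orderby=event_start_date&order=DESC HTTP/1.1" 200 1843
203.0.113.10 - - [01/Jul/2025:10:00:02 +0000] "GET /events/ HTTP/1.1" 200 9120
198.51.100.7 - - [01/Jul/2025:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&orderby=event_id%2C%28sleep%285%29%29 HTTP/1.1" 200 1843
198.51.100.7 - - [01/Jul/2025:10:00:11 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&orderby=event_id%2C%28sleep%285%29%29 HTTP/1.1" 200 1843
198.51.100.7 - - [01/Jul/2025:10:00:17 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&orderby=event_name%27 HTTP/1.1" 200 1843
"""

# Fields of the combined log format that the detection needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# A legitimate orderby value is a bare column name (optionally table.column).
PLAIN_ORDERBY = re.compile(r"^[A-Za-z0-9_.]+$")

# Time-delay primitives used by time-based SQL injection; matched after
# percent-decoding, case-insensitively.
TIME_DELAY = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(", re.IGNORECASE)


def analyze_log(text):
    """Return one finding per suspicious orderby value sent to admin-ajax.php."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/admin-ajax.php"):
            continue  # the vulnerable endpoint lives in admin-ajax.php
        params = parse_qs(url.query)  # percent-decodes values
        for value in params.get("orderby", []):
            if PLAIN_ORDERBY.match(value):
                continue  # plain identifier, nothing to report
            reason = (
                "time-delay function in orderby"
                if TIME_DELAY.search(value)
                else "non-identifier orderby value"
            )
            findings.append(
                {"ip": m.group("ip"), "time": m.group("ts"), "orderby": value, "reason": reason}
            )
    return findings


def flagged_clients(findings):
    """Count findings per client; time-based extraction needs many requests,
    so a single source with a high count is the signal worth triaging."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = analyze_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["time"]} {h["ip"]} {h["reason"]}: {h["orderby"]!r}')
    print(flagged_clients(hits))
```

The check only sees GET requests, since the combined log format does not record POST bodies; for the POST side of admin-ajax.php the same test on the 'orderby' field would have to run in the application or a WAF. Counting per client matters because the text describes slow extraction over time, which shows up as a long run of near-identical requests from one source rather than as a single event.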
REFERENCES
- https://wpscan.com/vulnerability/CVE-2025-6970
- https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-calendar-bookings-tickets-and-more-plugin-7-0-3-unauthenticated-sql-injection-via-orderby-parameter
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/events-manager/events-manager-703-unauthenticated-sql-injection-via-orderby-parameter
- https://nvd.nist.gov/vuln/detail/CVE-2025-6970