CVE-2025-10635
Description
The Find Me On WordPress plugin through 2.0.9.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers and above to perform SQL injection attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Find Me On WordPress plugin up to 2.0.9.1 is vulnerable to SQL injection via an unsanitized parameter, exploitable by subscribers.
The Find Me On WordPress plugin through version 2.0.9.1 fails to sanitize and escape a parameter before incorporating it into a SQL statement. This lack of input validation allows an attacker to inject arbitrary SQL commands, a classic SQL injection vulnerability [1].
The vulnerability can be exploited by any authenticated user with at least the Subscriber role. The attacker does not need elevated privileges, as the vulnerable parameter is accessible within the plugin's functionality available to lower-privileged accounts [1].
Successful exploitation enables an attacker to execute arbitrary SQL queries against the WordPress database. This could lead to data exfiltration, modification, or deletion of database contents, including user credentials and sensitive site information [1].
As of the publication date, no fix is available for this vulnerability. The plugin may be considered abandoned or end-of-life, and users are advised to remove the plugin or apply a web application firewall rule to mitigate the risk [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <= 2.0.9.1
Patches
No patches discovered yet.
References