Critical severity9.3NVD Advisory· Published Jun 9, 2025· Updated Apr 23, 2026

CVE-2025-31424

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through < 2.6.

Affected products

WordPress/Leadcaptureinferred
Range: < 2.6
Package: https://wordpress.org/plugins/leadcapture

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/leadcapture/vulnerability/wordpress-wp-lead-capturing-pages-plugin-2-3-sql-injection-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.605
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000