VYPR
High severity 7.6 · NVD Advisory · Published Jun 27, 2025 · Updated Apr 23, 2026

CVE-2025-53258

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection. This issue affects Hover Effects: from n/a through <= 2.1.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL Injection vulnerability in WordPress Hover Effects plugin (≤2.1.2) allows unauthenticated attackers to execute arbitrary SQL commands, potentially leading to data theft.

The Hover Effects plugin for WordPress, developed by Wow-Company, contains a SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. Versions through 2.1.2 are affected, allowing attackers to inject malicious SQL queries via unsanitized user input [1].

Exploitation does not require authentication; an attacker can send crafted HTTP requests to the vulnerable plugin endpoint. This type of vulnerability is frequently leveraged in mass-exploit campaigns targeting thousands of WordPress sites regardless of their size or popularity [1].

Successful exploitation enables an attacker to directly interact with the underlying database. This can lead to unauthorized reading, modification, or deletion of data, including sensitive information such as user credentials and site configuration [1].

The vendor has addressed the issue in version 2.1.3. Users are strongly advised to update to this version or later. Patchstack users can enable auto-updates for vulnerable plugins to ensure timely patching [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
