CVE-2025-64293
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics 0-day-analytics allows SQL Injection. This issue affects 0 Day Analytics: from n/a through <= 4.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in WordPress 0 Day Analytics plugin (≤4.0.0) allows attackers to interact with the database, potentially stealing data.
The WordPress 0 Day Analytics plugin, versions up to and including 4.0.0, contains an improper neutralization of special elements used in an SQL command, leading to a SQL injection vulnerability [1]. This flaw arises from insufficient input validation when handling user-supplied data before constructing database queries.
Attackers can exploit this vulnerability remotely, likely without requiring authentication, by sending specially crafted requests to the plugin's endpoints [1]. The vulnerability is actively used in mass-exploit campaigns, targeting thousands of websites regardless of their size or popularity [1].
Successful exploitation allows an attacker to directly interact with the underlying database, enabling them to read, modify, or delete sensitive information such as user credentials, personal data, and other stored content [1]. This could lead to complete site compromise and data breaches.
The vulnerability has been addressed in version 4.1.0 of the plugin. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins to ensure protection [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=4.0.0
- Range: <=4.0.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.