High severity · 8.5 · NVD Advisory · Published Dec 9, 2025 · Updated Apr 27, 2026

CVE-2025-67517

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection. This issue affects ArtPlacer Widget: from n/a through <= 2.22.9.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Blind SQL Injection in ArtPlacer Widget plugin for WordPress up to 2.22.9.2 allows attackers to interact with the database; patch to 2.23.

Vulnerability

The ArtPlacer Widget plugin for WordPress versions up to and including 2.22.9.2 contains a blind SQL injection vulnerability due to improper neutralization of special elements used in SQL commands. This allows an attacker to inject malicious SQL queries through the plugin's input fields.

Exploitation

According to the advisory [1], this type of vulnerability is often used in mass-exploit campaigns, indicating that exploitation can be performed remotely without requiring authentication. An attacker can send crafted HTTP requests containing SQL payloads to trigger the blind injection, gradually extracting information from the database.

Impact

Successful exploitation enables an attacker to directly interact with the WordPress database, potentially stealing sensitive data such as user credentials, post content, and other configuration details. The CVSS score of 8.5 reflects the high risk of data compromise.

Mitigation

The vulnerability is addressed in version 2.23 of the ArtPlacer Widget plugin. Users are strongly advised to update immediately to protect their sites. For those who cannot update immediately, consulting with a hosting provider or developer for temporary workarounds is recommended [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1


References

1
