CVE-2025-12502

MEDIUM 6.8

Attention Bar <= 0.7.2.1 - Admin+ SQLi

CVSS Score

6.8

EPSS Score

0.0%

EPSS Percentile

13th

The attention-bar WordPress plugin through 0.7.2.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users such as administrator to perform SQL injection attacks

Vendor	unknown
Product	attention-bar
Published	Nov 20, 2025
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown attention-bar

Be the first to know when new medium vulnerabilities affecting unknown attention-bar are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / attention-bar

0 ≤ 0.7.2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/75e63134-4c8a-45fd-b7fc-db40644ddb8c/

Credits

Yousof Nahya WPScan