Refine your search
1 vulnerability found for Click & Pledge Connect Plugin by ClickandPledge
CVE-2025-32550 (GCVE-0-2025-32550)
Vulnerability from cvelistv5
Published
2025-04-09 16:09
Modified
2026-04-28 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickandPledge | Click & Pledge Connect Plugin |
Version: 2.24080000 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:40:57.507243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:01:25.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "click-pledge-connect",
"product": "Click \u0026 Pledge Connect Plugin",
"vendor": "ClickandPledge",
"versions": [
{
"changes": [
{
"at": "2.24120000-WP6.7.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "WP6.6.1",
"status": "affected",
"version": "2.24080000",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in ClickandPledge Click \u0026 Pledge Connect Plugin allows SQL Injection.\u003c/p\u003e\u003cp\u003eThis issue affects Click \u0026 Pledge Connect Plugin: from 2.24080000 through WP6.6.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in ClickandPledge Click \u0026 Pledge Connect Plugin allows SQL Injection. This issue affects Click \u0026 Pledge Connect Plugin: from 2.24080000 through WP6.6.1."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:24.089Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/click-pledge-connect/vulnerability/wordpress-click-pledge-connect-plugin-plugin-2-24080000-wp6-6-1-sql-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Click \u0026 Pledge Connect Plugin wordpress plugin to the latest available version (at least 2.24120000-WP6.7.1)."
}
],
"value": "Update the WordPress Click \u0026 Pledge Connect Plugin wordpress plugin to the latest available version (at least 2.24120000-WP6.7.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Click \u0026 Pledge Connect Plugin Plugin \u003c= 2.24080000-WP6.6.1 - SQL Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-32550",
"datePublished": "2025-04-09T16:09:38.648Z",
"dateReserved": "2025-04-09T11:19:56.432Z",
"dateUpdated": "2026-04-28T16:12:24.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}