CVE-2025-10652
📋 TL;DR
This SQL injection vulnerability in the Robcore Netatmo WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject malicious SQL queries through the 'module_id' parameter in shortcodes. This can lead to unauthorized database access and sensitive information extraction. All WordPress sites using this plugin version 1.7 or earlier are affected.
💻 Affected Systems
- Robcore Netatmo WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of sensitive user data, administrative credentials, and potential privilege escalation to full site control.
Likely Case
Data exfiltration of user information, plugin configuration data, and potentially other WordPress database content accessible through SQL injection.
If Mitigated
Limited impact if proper input validation and parameterized queries are implemented, restricting attackers to data they already have access to.
🎯 Exploit Status
Requires authenticated access (Contributor role or higher) and knowledge of WordPress shortcode usage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.7
Vendor Advisory: https://plugins.trac.wordpress.org/browser/robcore-netatmo
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Robcore Netatmo' plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin until patched version is released.
🔧 Temporary Workarounds
Remove Contributor SQL Permissions
WordPressTemporarily restrict Contributor role users from using shortcodes or modify their capabilities to prevent exploitation.
🧯 If You Can't Patch
- Deactivate and remove the Robcore Netatmo plugin immediately
- Implement web application firewall (WAF) rules to block SQL injection patterns targeting the module_id parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for Robcore Netatmo version 1.7 or earlier.Check Version:
wp plugin list --name=robcore-netatmo --field=versionVerify Fix Applied:
Verify plugin version is greater than 1.7 after update, or confirm plugin is removed from site.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress debug logs
- Multiple failed login attempts followed by SQL error messages
- Unexpected database queries from Contributor-level users
Network Indicators:
- HTTP POST requests containing SQL injection patterns in module_id parameter
- Unusual database connection patterns from web server
SIEM Query:
source="wordpress.log" AND ("robcore-netatmo" OR "module_id") AND ("SQL" OR "database" OR "syntax")