CVE-2025-11454

6.5 MEDIUM

SQL Injection

📋 TL;DR

This SQL injection vulnerability in the Specific Content For Mobile WordPress plugin allows authenticated attackers with Contributor-level access or higher to execute arbitrary SQL queries. Attackers can extract sensitive information from the database, including user credentials and other confidential data. All WordPress sites using this plugin up to version 0.5.5 are affected.

💻 Affected Systems

Products:

• Specific Content For Mobile – Customize the mobile version without redirections WordPress plugin

Versions: All versions up to and including 0.5.5

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with the vulnerable plugin enabled. Contributor-level user access or higher is needed to exploit.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to credential theft, data exfiltration, privilege escalation, and potential site takeover.

🟠

Likely Case

Extraction of sensitive user data, admin credentials, and other confidential information from the database.

🟢

If Mitigated

Limited impact if proper input validation and prepared statements are implemented, with only authorized users able to trigger the vulnerability.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, and the vulnerability requires only Contributor-level access which is commonly granted.

🏢 Internal Only: MEDIUM - Internal WordPress installations are still vulnerable but have reduced attack surface compared to internet-facing instances.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but uses common SQL injection techniques. The vulnerability is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 0.5.5

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3387807%40specific-content-for-mobile&new=3387807%40specific-content-for-mobile&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Specific Content For Mobile' plugin. 4. Click 'Update Now' if available. 5. If no update appears, manually download latest version from WordPress repository and replace plugin files.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily disable the plugin until patched

Copy

wp plugin deactivate specific-content-for-mobile

Restrict user roles

all

Limit Contributor and higher role assignments to trusted users only

🧯 If You Can't Patch

• Implement web application firewall (WAF) rules to block SQL injection patterns
• Restrict database user permissions to SELECT-only for plugin database operations

🔍 How to Verify

Check if Vulnerable:

Copy

Check WordPress admin panel → Plugins → Installed Plugins for 'Specific Content For Mobile' version 0.5.5 or earlier

Check Version:

Copy

wp plugin get specific-content-for-mobile --field=version

Verify Fix Applied:

Copy

Verify plugin version is higher than 0.5.5 in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

• Unusual SQL queries in database logs
• Multiple POST requests to wp-admin/admin-ajax.php with SQL-like parameters
• Failed login attempts followed by successful Contributor-level login

Network Indicators:

• Unusual database traffic patterns from web server
• Large data exfiltration from database server

SIEM Query:

Copy

source="wordpress.log" AND ("eos_scfm_duplicate_post_as_draft" OR "specific-content-for-mobile") AND (sql OR union OR select)

📊 Metadata

CVE ID: CVE-2025-11454

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-89

EPSS Score: 0.04% exploit probability (11.3th percentile)

Published: November 12, 2025

Last Updated: November 12, 2025

🔗 References

• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3387807%40specific-content-for-mobile&new=3387807%40specific-content-for-mobile&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/6ed99dfd-6ca6-41e7-a844-d53eec7068c1?source=cve

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11454, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)

CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)

CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)