CVE-2025-30936

2025-07-16

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:26 (vuln.today)
CVE Published: Jul 16, 2025 - 12:15 (nvd)

Description (NVD)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod torod allows SQL Injection. This issue affects Torod: from n/a through <= 2.1.

Analysis (AI)

SQL injection vulnerability in Torod Company for Information Technology's Torod plugin through version 2.1 allows unauthenticated remote attackers to execute arbitrary SQL commands. All versions up to and including 2.1 are affected. No CVSS vector is provided; the issue is classified as SQL injection (CWE-89). No public exploit code or active exploitation has been confirmed at time of analysis.

Technical Context (AI)

This is a classic SQL injection vulnerability (CWE-89) in the Torod WordPress plugin, where user-supplied input is not properly sanitized or parameterized before being incorporated into SQL queries. The plugin fails to implement prepared statements or input validation, allowing attackers to manipulate SQL query logic. WordPress plugins are server-side components executed in PHP that directly interact with the WordPress database; improper neutralization of special SQL characters enables attackers to alter query structure and access or modify database contents beyond intended application logic.

Affected Products (AI)

The Torod plugin for WordPress by Torod Company for Information Technology is affected in all versions from the earliest release through version 2.1 inclusive. The plugin is distributed via the WordPress plugin repository and indexed in the Patchstack vulnerability database.

Remediation (AI)

Update the Torod plugin to a version newer than 2.1 if available from the vendor, or disable and remove the plugin if no patched version is available. Implement input validation and prepared statements (parameterized queries) in any custom SQL code. Review the Patchstack vulnerability advisory at https://patchstack.com/database/Wordpress/Plugin/torod/vulnerability/wordpress-torod-1-9-sql-injection-vulnerability?_s_id=cve for detailed technical information and patched version availability. As an interim mitigation, restrict access to plugin functionality via Web Application Firewall rules that block SQL injection payloads.
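
To act on the first remediation step, an administrator needs to know which sites still carry a version in the affected range. The following shell script is an added example, not code from the vendor or from this advisory; it assumes the plugin directory slug "torod" (taken from the Patchstack URL), the default wp-content/plugins layout, and a sort(1) that supports -V.

```shell
#!/bin/sh
# Added example (not vendor code): flag Torod installs within the affected range.
# Assumptions: plugin slug "torod" (from the Patchstack URL), the default
# wp-content/plugins layout, and a sort(1) that supports -V.
LAST_AFFECTED="2.1"   # last affected version per the CVE description

# Print the "Version:" header found in the plugin's top-level PHP files.
torod_version() {
    dir="$1/wp-content/plugins/torod"
    [ -d "$dir" ] || return 1
    for f in "$dir"/*.php; do
        [ -f "$f" ] || continue
        # WordPress reads plugin headers from the first 8 KiB of a file.
        v=$(head -c 8192 "$f" |
            sed -n 's|^[[:space:]*#/@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*|\1|p' |
            head -n 1)
        if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    done
    return 1
}

# Return 0 when version $1 is <= LAST_AFFECTED.
torod_is_affected() {
    ver=$1
    # Treat 2.1.0 the same as 2.1 by dropping trailing ".0" segments.
    while [ "${ver%.0}" != "$ver" ]; do ver=${ver%.0}; done
    highest=$(printf '%s\n%s\n' "$ver" "$LAST_AFFECTED" | sort -V | tail -n 1)
    [ "$highest" = "$LAST_AFFECTED" ]
}

# Report on one WordPress root. Returns 0 = affected, 1 = newer, 2 = not installed.
check_torod() {
    if ! found=$(torod_version "$1"); then
        echo "$1: torod plugin not found"; return 2
    fi
    if torod_is_affected "$found"; then
        echo "$1: torod $found is within the affected range (<= $LAST_AFFECTED)"
        return 0
    fi
    echo "$1: torod $found is newer than $LAST_AFFECTED"; return 1
}

# Stand-alone use: sh check_torod.sh /var/www/html   (path is an example)
if [ "$#" -gt 0 ]; then check_torod "$1"; fi
```

A "newer" result only means the installed version is outside the range stated in the CVE description; confirm against the Patchstack advisory that the installed release actually contains the fix.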
