Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7.
AnalysisAI
Waituk Entrada WordPress theme (through 5.7.7) contains blind SQL injection with scope change, allowing unauthenticated database extraction beyond the theme's own data.
Technical ContextAI
User input is passed to SQL queries without parameterization (CWE-89). The scope change (S:C) means the attacker can access data across the entire WordPress database, not just Entrada's tables. Blind injection requires time-based or boolean-based extraction but is fully automatable with tools like sqlmap.
Affected ProductsAI
Waituk Entrada WordPress theme through 5.7.7
RemediationAI
Update or remove the Entrada theme. Use a WAF with SQL injection protection.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today