CVE-2025-52714

2025-07-16 [email protected]
WordPress PHP SQLi

Lifecycle Timeline

2
Analysis Generated
Apr 01, 2026 - 17:43 vuln.today
CVE Published
Jul 16, 2025 - 12:15 nvd
N/A

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows SQL Injection.This issue affects Traveler: from n/a through < 3.2.2.

AnalysisAI

SQL injection vulnerability in shinetheme Traveler WordPress theme versions before 3.2.2 allows attackers to execute arbitrary SQL commands through improper neutralization of special elements in SQL queries. The vulnerability affects all versions up to and including 3.2.1, with an extremely low EPSS score of 0.05% (17th percentile) suggesting minimal real-world exploitation probability despite the critical nature of SQL injection attacks.

Technical ContextAI

This vulnerability is classified as CWE-89 (SQL Injection), a foundational web application flaw where user-supplied input is inadequately sanitized before being incorporated into SQL queries. The affected product is the shinetheme Traveler theme for WordPress (CPE data not provided in source material, but identifiable as WordPress plugin/theme). SQL injection vulnerabilities typically arise from concatenating user input directly into dynamic SQL statements without parameterized queries or proper escaping, allowing attackers to inject malicious SQL syntax that alters query logic or exfiltrates data.

Affected ProductsAI

The vulnerability affects shinetheme Traveler WordPress theme from version 3.2.1 and earlier (all versions prior to 3.2.2). The exact affected version range is documented as "from n/a through < 3.2.2" per the vulnerability disclosure on Patchstack. No CPE string is provided in the source material.

RemediationAI

Update shinetheme Traveler WordPress theme to version 3.2.2 or later. Website administrators should access the WordPress dashboard, navigate to Themes, and apply the available update for Traveler. For detailed patch information and verification, refer to the official advisory on Patchstack at https://patchstack.com/database/Wordpress/Theme/traveler/vulnerability/wordpress-traveler-3-2-2-sql-injection-vulnerability. If immediate patching is not feasible, disable the theme or restrict access to affected functionality until the update can be applied.

Share

CVE-2025-52714 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy