CVE-2025-68561
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows SQL Injection. This issue affects AutomatorWP: from n/a through <= 5.2.4.
Analysis
SQL injection in the AutomatorWP WordPress plugin through version 5.2.4 allows authenticated attackers to execute arbitrary SQL commands. The vulnerability exists in the plugin's database query handling, where user-supplied input is not properly sanitized before being used in SQL statements. While EPSS scoring indicates a low exploitation probability (0.04th percentile), the SQL injection vector represents a critical capability if exploited, potentially enabling data exfiltration, modification, or deletion from the affected WordPress database.
Technical Context
AutomatorWP is a WordPress automation plugin that enables users to create complex automation workflows. The vulnerability stems from CWE-89 (SQL Injection), a classic input validation failure where user-controlled data reaches database query construction without proper parameterization or escaping. This typically occurs when the plugin builds dynamic SQL queries using string concatenation or an incomplete use of prepared statements. WordPress plugins run from the wp-content/plugins directory and interact directly with the wpdb database abstraction layer; improper use of this API (such as direct query concatenation instead of parameterized queries with $wpdb->prepare()) creates SQLi exposure. The affected plugin versions through 5.2.4 contain this flaw in their automation rule processing or trigger evaluation logic.
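To make the wpdb misuse concrete, the following is an added illustrative example, not AutomatorWP's code (the page does not show the plugin's actual query): a hypothetical record lookup written with string concatenation beside the same lookup bound through $wpdb->prepare(). The table names, column names and function names are assumptions.

```php
<?php
// Illustrative only: NOT AutomatorWP's code. Shows the CWE-89 pattern described
// above (value concatenated into SQL) and its corrected form using $wpdb->prepare().
// Assumes WordPress's global $wpdb and two hypothetical custom tables.

// Vulnerable pattern: the caller-supplied value becomes part of the SQL text,
// so the query structure itself is under the caller's control.
function example_get_trigger_unsafe( $trigger_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_triggers';   // hypothetical table
    $sql   = "SELECT * FROM {$table} WHERE id = " . $trigger_id;
    return $wpdb->get_row( $sql );
}

// Hardened pattern: %d binds an integer placeholder, so whatever is supplied
// is coerced to a number and can never alter the statement.
function example_get_trigger_safe( $trigger_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_triggers';   // hypothetical table
    $sql   = $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $trigger_id );
    return $wpdb->get_row( $sql );
}

// String values use %s (prepare() quotes and escapes them). For LIKE patterns,
// escape the wildcard characters first with $wpdb->esc_like(), then bind.
// Table names cannot be bound as values: build them from $wpdb->prefix plus a
// fixed literal, never from user input.
function example_find_automations_by_title( $fragment ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_automations'; // hypothetical table
    $like  = '%' . $wpdb->esc_like( $fragment ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare( "SELECT id, title FROM {$table} WHERE title LIKE %s", $like )
    );
}
```

When auditing a plugin for this class of flaw, grep for $wpdb->query, get_row, get_results and get_var calls whose SQL string is built with "." concatenation or interpolated variables rather than passed through prepare().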
Affected Products
AutomatorWP WordPress plugin versions from an unspecified baseline through and including version 5.2.4 are affected. The plugin is distributed via the WordPress.org plugin repository and installed in the wp-content/plugins/automatorwp directory. Vulnerability data from Patchstack indicates the flaw is present in all versions up to and including 5.2.4, though the version in which the flaw was introduced is not explicitly documented.
Remediation
Site administrators running AutomatorWP should immediately update the plugin to version 5.2.5 or later, which contains the SQL injection fix. Update the plugin via the WordPress admin dashboard (Plugins > Updates) or via WP-CLI using wp plugin update automatorwp. If a patched version is not yet available, temporarily disable the AutomatorWP plugin and review active automation rules for suspicious configurations. Site owners should also audit database access logs and user accounts with plugin management capabilities to detect prior unauthorized access. The vulnerability details and remediation guidance are available in the Patchstack vulnerability database at https://patchstack.com/database/Wordpress/Plugin/automatorwp/vulnerability/wordpress-automatorwp-plugin-5-2-4-sql-injection-vulnerability.