Skip to main content

Unicamp

1 CVEs product

Monthly

CVE-2025-69094 HIGH This Week

SQL injection in the Unicamp WordPress theme (versions 2.2.2 and earlier) by ThemeMove allows an attacker holding a low-privilege Subscriber account to inject arbitrary SQL into backend database queries. Because the CVSS scope is marked changed with high confidentiality impact, a successful attacker can read data beyond their normal authorization boundary, including other users' records and potentially credentials stored in the WordPress database. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

SQLi Unicamp
NVD
CVSS 3.1
8.5
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in the Unicamp WordPress theme (versions 2.2.2 and earlier) by ThemeMove allows an attacker holding a low-privilege Subscriber account to inject arbitrary SQL into backend database queries. Because the CVSS scope is marked changed with high confidentiality impact, a successful attacker can read data beyond their normal authorization boundary, including other users' records and potentially credentials stored in the WordPress database. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

SQLi Unicamp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy