Description
The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2025-03-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Exposure via SQL Injection
Action: Apply Patch
AI Analysis

Impact

The teachPress plugin for WordPress contains an SQL Injection vulnerability in the order parameter of the tpsearch shortcode in all releases up to and including 9.0.7. The flaw is caused by insufficient escaping of user input and a lack of prepared statements. An authenticated attacker with Contributor-level access or higher can append rogue SQL statements to the constructed query and extract arbitrary data stored in the database.
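To make the root cause above concrete, here is an added example that is not teachPress's own code: a hypothetical shortcode handler that drops the order attribute straight into ORDER BY, beside a hardened version that reduces it to an allowlisted column and direction. The table name, column names and the hypothetical_ functions are assumptions; the point is that $wpdb->prepare() binds values, not identifiers, so an ORDER BY target needs an allowlist.

```php
<?php
// Added illustration, not code from the teachPress plugin.
// Assumed table/columns: {prefix}teachpress_pub (pub_id, title, year).

// Unsafe pattern: the shortcode attribute lands verbatim in ORDER BY.
// $wpdb->prepare() binds values only; an identifier or an appended
// clause in $atts['order'] cannot be neutralised that way.
function hypothetical_tpsearch_unsafe( array $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'search' => '', 'order' => 'year DESC' ), $atts );
    $like = '%' . $wpdb->esc_like( $atts['search'] ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT pub_id, title, year FROM {$wpdb->prefix}teachpress_pub "
        . "WHERE title LIKE %s ORDER BY " . $atts['order'], // raw attribute
        $like
    );
    return $wpdb->get_results( $sql );
}

// Hardened pattern: reduce the attribute to one allowlisted column and
// direction; anything else falls back to a safe default.
function hypothetical_sanitize_order( string $order ) : string {
    $allowed = array( 'pub_id', 'title', 'year' );
    $parts   = preg_split( '/\s+/', trim( $order ) );
    $col     = strtolower( $parts[0] ?? '' );
    $dir     = strtoupper( $parts[1] ?? 'ASC' );
    if ( ! in_array( $col, $allowed, true ) ) {
        $col = 'year';
    }
    if ( 'ASC' !== $dir && 'DESC' !== $dir ) {
        $dir = 'ASC';
    }
    return "`$col` $dir";
}

function hypothetical_tpsearch_safe( array $atts ) {
    global $wpdb;
    $atts  = shortcode_atts( array( 'search' => '', 'order' => 'year DESC' ), $atts );
    $order = hypothetical_sanitize_order( $atts['order'] ); // identifiers: allowlist
    $like  = '%' . $wpdb->esc_like( $atts['search'] ) . '%'; // values: prepare()
    $sql   = $wpdb->prepare(
        "SELECT pub_id, title, year FROM {$wpdb->prefix}teachpress_pub "
        . "WHERE title LIKE %s ORDER BY $order",
        $like
    );
    return $wpdb->get_results( $sql );
}
```

WordPress core also ships sanitize_sql_orderby() for validating a simple "column ASC/DESC" string; an explicit allowlist as above additionally pins the accepted columns to the ones the query is meant to expose.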

Affected Systems

WordPress installations that include the teachPress plugin version 9.0.7 or older, distributed by winkm89. Only users with Contributor or higher privileges can exploit the flaw, so the threat surface is limited to sites with such accounts.

Risk and Exploitability

The CVSS score of 6.5 classifies the issue as medium severity, and an EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Because an active, authenticated account is required, the typical attack vector is via legitimate login credentials – users who already have Contributor access can use the shortcode to inject statements and leak data. The overall risk remains moderate, but any exposed sensitive data could be significant for the site owner.

Generated by OpenCVE AI on April 20, 2026 at 23:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade teachPress to the latest release (≥9.0.8) which removes the unsafe query.
  • Revoke or downgrade Contributor accounts that do not need to use the tpsearch shortcode, limiting the exploitation scope.
  • Configure the plugin or WordPress to disable the tpsearch shortcode for all users, for example by editing the plugin settings to restrict shortcode usage or by removing the shortcode from the theme.
  • Deploy a web application firewall rule that detects and blocks suspicious ORDER BY injection patterns, as a secondary control alongside patching.



Advisories
Source: EUVD
ID: EUVD-2025-7389
Title: The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
History

Tue, 04 Mar 2025 16:15:00 +0000

Metrics added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Mar 2025 03:45:00 +0000

Description added: The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Title added: teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection
Weaknesses added: CWE-89
References added:
Metrics added: cvssV3_1
{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:23:25.384Z

Reserved: 2025-02-14T23:24:24.656Z

Link: CVE-2025-1321

Vulnrichment

Updated: 2025-03-04T15:34:31.917Z

NVD

Status : Received

Published: 2025-03-04T04:15:11.547

Modified: 2025-03-04T04:15:11.547

Link: CVE-2025-1321

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses