Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through <= 1.0.
Published: 2025-04-01
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a classic SQL injection flaw (CWE‑89) in the WP AutoKeyword plugin for WordPress. The plugin fails to neutralize special characters before incorporating user‑supplied data into SQL statements, so an attacker who controls that input can alter the statement's structure and run SQL of their choosing against the site's database. The published CVSS vector records a high confidentiality impact with no integrity impact and a low availability impact, which points to unauthorized reads of database contents rather than modification. The advisory does not identify the affected endpoint or parameter.
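The mechanism in the paragraph above, shown as an added example that is not the plugin's code and not from the advisory: a lookup that splices the request value into the SQL text beside the same lookup with a bound parameter. The table name, columns and rows are constructed for the demo and do not reflect the real WP AutoKeyword schema; the WordPress equivalent of the safe form is `$wpdb->prepare()` with `%s` placeholders.

```python
import sqlite3

# Constructed sample data standing in for a plugin keyword table and a
# user table; neither is the real WP AutoKeyword or WordPress schema.
SAMPLE_KEYWORDS = [
    ("wordpress", "/about-wordpress/"),
    ("security", "/security-notes/"),
    ("private-draft", "/drafts/unpublished/"),
]
SAMPLE_USERS = [
    ("admin", "constructed-hash-not-real"),
    ("editor", "another-constructed-hash"),
]


def open_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE autokeyword (keyword TEXT, url TEXT)")
    conn.executemany("INSERT INTO autokeyword VALUES (?, ?)", SAMPLE_KEYWORDS)
    conn.execute("CREATE TABLE users (user_login TEXT, user_pass TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, keyword):
    """CWE-89 pattern: the request value becomes part of the statement text.

    Nothing neutralizes the quote character, so the caller can close the
    string literal and append arbitrary SQL.
    """
    sql = "SELECT keyword, url FROM autokeyword WHERE keyword = '" + keyword + "'"
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, keyword):
    """Hardened form: the value is bound as a parameter.

    The database engine receives the statement and the value separately, so
    the value can never change the statement's structure. In a WordPress
    plugin this is $wpdb->prepare( "... WHERE keyword = %s", $keyword ).
    """
    sql = "SELECT keyword, url FROM autokeyword WHERE keyword = ?"
    return conn.execute(sql, (keyword,)).fetchall()


# Two classic payloads: the first widens the WHERE clause to every row, the
# second reads a different table through UNION (the confidentiality impact
# the CVSS vector describes). The trailing -- comments out the closing quote.
PAYLOAD_OR = "x' OR '1'='1"
PAYLOAD_UNION = "x' UNION SELECT user_login, user_pass FROM users --"


def demo():
    """Run both lookups against benign input and both payloads."""
    conn = open_db()
    return {
        "benign": lookup_vulnerable(conn, "security"),
        "or_vulnerable": lookup_vulnerable(conn, PAYLOAD_OR),
        "union_vulnerable": lookup_vulnerable(conn, PAYLOAD_UNION),
        "or_prepared": lookup_prepared(conn, PAYLOAD_OR),
        "union_prepared": lookup_prepared(conn, PAYLOAD_UNION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable path returns every keyword row for the `OR` payload and the user table's contents for the `UNION` payload; the prepared path returns nothing for either, because the whole payload is compared as a literal keyword.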

Affected Systems

The affected product is EXEIdeas International’s WP AutoKeyword plugin for WordPress, versions up to and including 1.0. Any WordPress site with the plugin active is potentially exposed; other controls such as a web application firewall or a low‑privilege database user reduce the impact but do not remove the flaw. At the time of this page no fixed release is listed, so every installed version should be treated as affected.

Risk and Exploitability

The CVSS 3.1 score of 9.3 (Critical), assigned by Patchstack, corresponds to the vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L: reachable over the network, low attack complexity, no privileges or user interaction required, scope changed, high confidentiality impact, no integrity impact, and low availability impact. The EPSS score of less than 1% indicates a currently low probability of exploitation, and the vulnerability is not in the CISA KEV catalog; the SSVC assessment recorded in the history below marks it as automatable with no known exploitation. PR:N implies the vulnerable input is reachable without authentication, most likely through a publicly accessible plugin endpoint, so organizations should treat this as a serious risk. A successful attack could expose database contents such as user records and credential hashes.

Generated by OpenCVE AI on May 1, 2026 at 01:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WP AutoKeyword plugin to a release later than 1.0 as soon as the vendor publishes one; no fixed version is listed at the time of writing.
  • Until a fix is available, deactivate or uninstall the plugin, since it is not needed for the site to function.
  • Put a web application firewall rule set with SQL injection signatures in front of the site, and restrict the WordPress database user to the minimum privileges required (no access to other databases, no FILE or administrative privileges) to limit what an injected query can read.


Tracking


Advisories
Source: EUVD
ID: EUVD-2025-9453
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through 1.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics (cvssV3_1)
Value: {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Value removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through 1.0.
Value added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows SQL Injection.This issue affects WP AutoKeyword: from n/a through <= 1.0.
Type: References
Type: Metrics (cvssV3_1)
Value: {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


Thu, 10 Apr 2025 15:15:00 +0000

Type: Metrics (ssvc)
Value: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 21:00:00 +0000

Type: Description
Value added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through 1.0.
Type: Title
Value added: WordPress WP AutoKeyword plugin <= 1.0 - SQL Injection vulnerability
Type: Weaknesses
Value added: CWE-89
Type: References
Type: Metrics (cvssV3_1)
Value added: {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


Subscriptions

WordPress

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:09.385Z

Reserved: 2025-03-31T10:05:51.138Z

Link: CVE-2025-31579

Vulnrichment

Updated: 2025-04-10T14:40:15.833Z

NVD

Status : Deferred

Published: 2025-04-01T21:15:51.087

Modified: 2026-04-23T15:28:00.160

Link: CVE-2025-31579

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T01:30:05Z

Weaknesses