Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through <= 3.0.5.
Published: 2025-04-09
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A blind SQL injection flaw exists in Picture-Planet GmbH Verowa Connect, allowing an attacker to execute arbitrary SQL statements. The vulnerability can lead to unauthorized data reading or modification, compromising confidentiality and integrity of the underlying database.

Affected Systems

The affected product is the WordPress plugin Verowa Connect from Picture-Planet GmbH. All released versions up to and including 3.0.5 are vulnerable.

Risk and Exploitability

The CVSS score of 7.6 indicates high severity, but the EPSS score of less than 1% suggests a low probability of widespread exploitation at present. The vulnerability is not listed in CISA KEV. Based on the description, it is inferred that the attack can be carried out by sending crafted HTTP requests containing malicious input to the plugin's processing endpoints, resulting in blind SQL injection.

Generated by OpenCVE AI on May 1, 2026 at 00:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Verowa Connect to a version newer than 3.0.5
  • Implement strict input validation and parameterized queries to prevent injection of malicious SQL
  • Deploy a web application firewall or monitor database activity for anomalous queries that may indicate exploitation

Advisories
Source: EUVD
ID: EUVD-2025-10557
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5.
  Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through <= 3.0.5.
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}


Wed, 09 Apr 2025 16:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5.
Title WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:27.981Z

Reserved: 2025-04-09T11:21:24.365Z

Link: CVE-2025-32676

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2025-04-09T17:15:51.560

Modified: 2026-06-17T09:12:24.263

Link: CVE-2025-32676

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T00:15:04Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')