Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global: from n/a through <= 2.15.06.
Published: 2025-06-09
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an SQL Injection flaw caused by an improper neutralization of special elements used in a SQL command within the Infility Global plugin for WordPress. An attacker could inject malicious SQL statements that are executed against the site’s database, potentially leading to sensitive data disclosure, unauthorized data modification, or loss of data integrity. The CVSS score of 8.5 reflects the high severity of this flaw.

Affected Systems

The Infility Global plugin for WordPress, supplied by Infility, is affected in all releases from its earliest version through version 2.15.06. Users running any of these versions are susceptible to exploitation.

Risk and Exploitability

The EPSS score of less than 1% indicates that exploitation attempts are expected to be rare, though not impossible. The vulnerability is not listed in the CISA KEV catalog. Attackers would most likely deliver malicious input through the plugin’s public interfaces, such as form submissions or query parameters, allowing unauthorized execution of arbitrary SQL statements. Given the high CVSS score, any successful exploitation could compromise the confidentiality, integrity, or availability of the database.

Generated by OpenCVE AI on April 30, 2026 at 11:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Infility Global plugin to the newest release later than version 2.15.06, preferably 2.15.07 or later.
  • Restrict database account permissions used by the plugin to the minimum necessary privileges, following the principle of least privilege.
  • Implement input validation or sanitization for all data received via the plugin’s interfaces to prevent injection of malicious SQL.
  • If an immediate upgrade is not possible, temporarily disable or remove the Infility Global plugin from the WordPress installation.

Advisories
Source: EUVD
ID: EUVD-2025-17523
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4.

History

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global: from n/a through <= 2.15.11.
  Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global: from n/a through <= 2.15.06.
Title
  Removed: WordPress Infility Global plugin <= 2.15.11 - SQL Injection vulnerability
  Added: WordPress Infility Global plugin <= 2.15.06 - SQL Injection vulnerability

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global: from n/a through <= 2.15.06.
  Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global: from n/a through <= 2.15.11.
Title
  Removed: WordPress Infility Global plugin <= 2.15.06 - SQL Injection vulnerability
  Added: WordPress Infility Global plugin <= 2.15.11 - SQL Injection vulnerability
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4.
  Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global: from n/a through <= 2.15.06.
Title
  Removed: WordPress Infility Global <= 2.12.4 - SQL Injection Vulnerability
  Added: WordPress Infility Global plugin <= 2.15.06 - SQL Injection vulnerability
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics
  Removed: epss {'score': 0.00033}
  Added: epss {'score': 0.00038}


Mon, 09 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Jun 2025 16:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4.
Title WordPress Infility Global <= 2.12.4 - SQL Injection Vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:48.080Z

Reserved: 2025-05-07T10:45:13.130Z

Link: CVE-2025-47651

Vulnrichment

Updated: 2025-06-09T17:16:41.153Z

NVD

Status: Deferred

Published: 2025-06-09T16:15:42.200

Modified: 2026-04-28T19:32:31.063

Link: CVE-2025-47651

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T11:45:21Z

Weaknesses