Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview interview allows SQL Injection. This issue affects Interview: from n/a through <= 1.01.
Published: 2025-05-16
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of special elements in an SQL command, allowing attackers to inject arbitrary SQL. This could let an attacker read, modify, or delete data stored in the WordPress database, compromising confidentiality, integrity, and availability. The weakness is a classic input validation flaw classified as CWE-89.

Affected Systems

The issue affects the Proxymis Interview plugin for WordPress version 1.01 and earlier. Any WordPress site using this plugin is at risk until it is removed or updated.

Risk and Exploitability

With a CVSS score of 8.5, the flaw is considered high severity. The EPSS score of less than 1% indicates a low probability of exploitation at present, and the flaw is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is the web interface of the plugin, where unsanitized input is passed to SQL statements. No authentication is required if the plugin exposes functions to standard users, making it potentially exploitable by anyone able to submit data to the plugin.

Generated by OpenCVE AI on April 30, 2026 at 12:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Interview plugin to a version newer than 1.01, ensuring that the vendor has applied the fix.
  • If an upgrade is not immediately possible, disable or delete the plugin to eliminate the attack surface.
  • Restrict access to the plugin’s administrative pages so that only trusted users can interact with its inputs.
  • Implement generic input validation and adopt parameterized queries in any custom code to guard against similar SQL injection weaknesses.



Advisories
Source: EUVD
ID: EUVD-2025-15512
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview interview allows SQL Injection.This issue affects Interview: from n/a through <= 1.01.

Type: Title
Values Removed: WordPress Interview <= 1.01 - SQL Injection Vulnerability
Values Added: WordPress Interview plugin <= 1.01 - SQL Injection Vulnerability

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Fri, 30 May 2025 21:45:00 +0000

Type: First Time appeared
Values Added: Proxymis; Proxymis interview

Type: CPEs
Values Added: cpe:2.3:a:proxymis:interview:*:*:*:*:*:wordpress:*:*

Type: Vendors & Products
Values Added: Proxymis; Proxymis interview

Fri, 16 May 2025 17:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 16 May 2025 16:00:00 +0000

Type: Description
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.

Type: Title
Values Added: WordPress Interview <= 1.01 - SQL Injection Vulnerability

Type: Weaknesses
Values Added: CWE-89

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:16:58.645Z

Reserved: 2025-05-15T18:01:40.432Z

Link: CVE-2025-48137

Vulnrichment

Updated: 2025-05-16T16:21:33.775Z

NVD

Status: Modified

Published: 2025-05-16T16:15:45.653

Modified: 2026-04-23T15:30:51.957

Link: CVE-2025-48137

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T13:00:13Z

Weaknesses