CVE-2025-54726
published 2025-08-20

CVE-2025-54726: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget…

Priority: P1 · 79 · critical · 9.3 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.43% (69.6th percentile)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection. This issue affects JS Archive List: from n/a through < 6.1.6.

Affected

1 ranges
Vendor: miguel_useche
Product: js_archive_list
Version range: <= 6.1.6
Fixed in: -

Detection & IOCs (extracted from sources)

  • Vulnerable versions of the plugin are all releases from the beginning up to (but not including) 6.1.6; any installation running < 6.1.6 should be treated as a target of interest.
  • The nuclei-style fingerprint digest is embedded in the detection rule; verify rule integrity before deployment — digest: 480a0045304302204f2c6a8bdb0fa52482be0419ff75d42a3fba5a8a40f5e63775a8d0903853f68b021f60432011c03e113c5b35fbf35535c8386e955df1529b2f55c10a98ab2e5e08:922c64590222798bb761d5b6d8e72950.
  • The detection rule targets 'WordPress JS Archive List = 6' as the version matcher string; confirm this selector correctly covers all sub-versions below 6.1.6 in your scanner's version-comparison logic.