Miniorange Custom Api For Wp vulnerabilities
2 known vulnerabilities affecting miniorange/custom_api_for_wp.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2025-54048P2CRITICALCVSS 9.3≤ 4.2.22025-08-20
CVE-2025-54048 [CRITICAL] CWE-89 CVE-2025-54048: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through <= 4.2.2.
nvd
CVE-2025-54049P2CRITICALCVSS 9.9≤ 4.2.22025-08-20
CVE-2025-54049 [CRITICAL] CWE-266 CVE-2025-54049: Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allow
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through <= 4.2.2.
nvd