CVE-2025-10743: 
WordPress vulnerability analysis and mitigation

The Outdoor plugin for WordPress contains a SQL Injection vulnerability (CVE-2025-10743) discovered and disclosed on October 14, 2025. The vulnerability affects all versions up to and including 1.3.2. The plugin has been temporarily closed pending a full security review (WordPress Plugin, NVD Database).

The vulnerability is classified as an SQL Injection (CWE-89) that exists via the 'edit' action due to insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries. The vulnerability has received a CVSS v3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating it is network-accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (Wordfence).

The vulnerability allows unauthenticated attackers to append additional SQL queries to existing queries, potentially leading to the extraction of sensitive information from the database. The high confidentiality impact rating suggests that attackers can access sensitive data stored in the WordPress database (NVD Database).

The WordPress plugin repository has temporarily closed the plugin as of October 14, 2025, pending a full security review. Users are advised to disable and remove the plugin until a patched version is released (WordPress Plugin).