CVE-2025-1446: 
NixOS vulnerability analysis and mitigation

The Pods WordPress plugin before version 3.2.8.2 contains a SQL injection vulnerability identified as CVE-2025-1446. The vulnerability was discovered by Dmitrii Ignatyev and publicly disclosed on March 2, 2025. The issue affects the plugin's parameter handling in SQL statements, specifically impacting installations where users have administrative access (WPScan).

The vulnerability stems from improper parameter sanitization and escaping before using it in SQL statements. The issue specifically occurs in the relationship field functionality when creating user pods. The vulnerability has received a CVSS 3.1 base score of 4.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N (NVD).

The vulnerability allows authenticated users with administrative privileges to perform SQL injection attacks against the WordPress database. This could potentially lead to unauthorized access to database contents and manipulation of stored data (WPScan).

Users are advised to update their Pods WordPress plugin to version 3.2.8.2 or later, which contains the fix for this vulnerability (WPScan).