CVE-2025-22519: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2025-22519) was discovered in eDoc Intelligence LLC's eDoc Easy Tables WordPress plugin, affecting versions up to 1.29. The vulnerability was initially reported by security researcher Colin Xu on December 18, 2024, and was publicly disclosed on January 7, 2025. This security issue requires contributor-level privileges or higher to exploit (Patchstack).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and has received varying CVSS scores from different sources. Patchstack assigned it a CVSS v3.1 base score of 8.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L, indicating network accessibility, low attack complexity, and required low privileges (NVD).

The SQL Injection vulnerability could allow malicious actors with contributor-level access or higher to directly interact with the website's database. This interaction could potentially lead to unauthorized data access and information theft from the affected WordPress installations (Patchstack).

As of January 2025, no official fix has been released for this vulnerability. The issue affects eDoc Easy Tables versions up to 1.29, and users are advised to monitor for updates from the vendor (NVD).