CVE-2025-24748: 
WordPress vulnerability analysis and mitigation

CVE-2025-24748 is a SQL Injection vulnerability discovered in LambertGroup All In One Slider Responsive WordPress plugin. The vulnerability affects all versions up to and including 3.7.9, and was publicly disclosed on July 4, 2025. The vulnerability was discovered by Tran Nguyen Bao Khanh from VCI - VNPT Cyber Immunity (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') with a CVSS v3.1 base score of 8.5 (HIGH). The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is changed (S:C) with high confidentiality impact (C:H), no integrity impact (I:N), and low availability impact (A:L) (NVD).

This vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information. The high CVSS score of 8.5 indicates a significant security risk, particularly concerning data confidentiality (Patchstack).

The vulnerability has been fixed in version 3.8 of the All In One Slider Responsive plugin. Users are strongly advised to update to this version or later to remove the vulnerability. No alternative workarounds have been provided (Patchstack).