CVE-2025-32125: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2025-32125) was discovered in Silvasoft boekhouden WordPress plugin affecting versions through 3.0.1. The vulnerability was reported on April 4, 2025, by security researcher João Pedro S Alcântara. This security flaw allows for improper neutralization of special elements used in SQL commands (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.6 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L. The flaw is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The vulnerability requires administrator privileges to exploit (NVD, Patchstack).

This SQL injection vulnerability could allow an authenticated attacker with administrator privileges to directly interact with the database, potentially leading to unauthorized access to sensitive information. The vulnerability has been assessed with high confidentiality impact and low availability impact (Patchstack).

As of the vulnerability disclosure, no official fix is available for this security issue. The vulnerability is considered to have a low severity impact and is unlikely to be exploited, according to the assessment (Patchstack).