CVE-2025-32204: 
WordPress vulnerability analysis and mitigation

The Split Test For Elementor WordPress plugin contains an SQL Injection vulnerability (CVE-2025-32204) that affects versions up to and including 1.8.2. This security issue was discovered and disclosed on April 4, 2025, impacting the rocketelements Split Test For Elementor plugin (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) with a CVSS v3.1 base score of 7.6 (High). The issue requires editor-level access or higher privileges to exploit. The vulnerability stems from insufficient escaping of user-supplied parameters and lack of proper preparation in existing SQL queries, allowing authenticated attackers to append additional SQL queries to extract sensitive information from the database (WPScan, Patchstack).

If exploited, this vulnerability could allow authenticated attackers with editor-level access to directly interact with the database, potentially leading to unauthorized access to sensitive information stored in the WordPress database (Patchstack).

As of the latest reports, there is no official fix available for this vulnerability. Website administrators running affected versions of the Split Test For Elementor plugin should consider restricting editor access and monitoring database activities until a patch is released (Patchstack).