CVE-2025-32429: 
Java vulnerability analysis and mitigation

A critical SQL injection vulnerability (CVE-2025-32429) was discovered in the WPChill Remove Footer Credit WordPress plugin affecting versions through 1.0.13. The vulnerability allows for Stored Cross-Site Scripting (XSS) through improper neutralization of input during web page generation (NVD).

The vulnerability exists in the getdeleteddocuments.vm template where the 'sort' parameter is directly injected into an ORDER BY clause without proper sanitization. This allows attackers to perform SQL injection attacks through the REST API endpoint. The vulnerability has a CVSS v3.1 base score of 4.8 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (GitHub Advisory).

Successful exploitation of this vulnerability could allow attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive data, data manipulation, or system compromise. The vulnerability affects the confidentiality and integrity of the system with high severity ratings (GitHub Advisory).

The vulnerability has been patched in versions 17.3.0-rc-1 and 16.10.6. Users are strongly recommended to upgrade to these patched versions as there are no known workarounds (GitHub Advisory).