CVE-2025-53807: 
vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2024-53807) was discovered in brandtoss WP Mailster plugin for WordPress. The vulnerability affects WP Mailster versions through 1.8.16.0, allowing attackers to perform Blind SQL Injection attacks (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability (CWE-89). According to the CVSS 3.1 scoring, it received a Critical base score of 9.8 (NIST) and a High score of 8.5 (Patchstack). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating it can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high impact to confidentiality, integrity, and availability (NVD).

The successful exploitation of this vulnerability could allow an attacker to perform Blind SQL Injection attacks against the affected WordPress installations. This could potentially lead to unauthorized access to the database, data theft, and manipulation of database contents (Patchstack).

Users are advised to update WP Mailster to version 1.8.17.0 or later to address this vulnerability. The fix has been implemented in newer versions of the plugin (NVD).