CVE-2025-7662: 
WordPress vulnerability analysis and mitigation

The Gestion de tarifs plugin for WordPress contains a SQL Injection vulnerability (CVE-2025-7662) affecting all versions up to and including 1.4. The vulnerability was discovered and disclosed on August 15, 2025. The affected component is specifically related to the 'tarif' and 'intitule' shortcodes within the plugin (NVD).

The vulnerability is classified as a SQL Injection (CWE-89) with a CVSS v3.1 base score of 6.5 (Medium). The issue stems from insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries in the shortcode functionality. The vulnerability exists in the plugin's handling of the 'tarif' and 'intitule' shortcodes, which allows authenticated users with Contributor-level access or higher to manipulate SQL queries (NVD, Wordfence).

The vulnerability allows authenticated attackers with Contributor-level access or higher to append additional SQL queries to existing queries, potentially leading to unauthorized access to sensitive information stored in the database (NVD).

As of August 14, 2025, the plugin has been temporarily closed and is not available for download pending a full security review (WordPress). Users are advised to disable and remove the plugin until a patched version becomes available.