CVE-2025-54048: WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability
Published Aug 20, 2025
·Updated
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2.
Affected Software
1 affected component
miniOrange Custom API for WP<=4.2.2
Remediation
Information
Update the WordPress Custom API for WP plugin to the latest available version (at least 4.2.3).
Event History
Aug 20, 2025
CVE Published
via MITRE·08:02 AM
Data Sourced
via MITRE·08:02 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·08:15 AM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2025-54048?
CVE-2025-54048 is classified as a critical SQL Injection vulnerability affecting the miniOrange Custom API for WP.
2
How do I fix CVE-2025-54048?
To mitigate CVE-2025-54048, update the miniOrange Custom API for WP to a version above 4.2.2.
3
What systems are impacted by CVE-2025-54048?
CVE-2025-54048 affects miniOrange Custom API for WP versions up to and including 4.2.2.
4
What is SQL Injection in the context of CVE-2025-54048?
In the context of CVE-2025-54048, SQL Injection allows an attacker to execute arbitrary SQL commands through the vulnerable API.
5
Can CVE-2025-54048 be exploited remotely?
Yes, CVE-2025-54048 can be exploited remotely if the vulnerable API is exposed to the internet.