CVE-2025-68017

High

Published: 22 January 2026

Published

22 January 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

EPSS Score 0.0004 13.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68017 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CA-8 Penetration Testing

addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

SI-10 Information Input Validation

addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1213 Data from Information Repositories Collection

Adversaries may leverage information repositories to mine valuable information.

attack.mitre.org →

Why these techniques?

Direct SQL injection flaw in public-facing WordPress plugin enables T1190 exploitation for unauthenticated remote access; facilitates T1213 data extraction from backend database repositories via blind SQLi.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10.

Deeper analysisAI

CVE-2025-68017 is an Improper Neutralization of Special Elements used in an SQL Command vulnerability, classified as CWE-89, that enables Blind SQL Injection in the Antideo Email Validator WordPress plugin (antideo-email-validator). This issue affects all versions of the plugin from n/a through 1.0.10. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L), indicating network accessibility with high attack complexity but no privileges or user interaction required.

Remote, unauthenticated attackers can exploit this vulnerability over the network by crafting malicious inputs that manipulate SQL queries in the plugin. Exploitation allows attackers to achieve high-impact confidentiality violations, such as extracting sensitive data from the database through blind SQL injection techniques, alongside low-impact availability disruption. The changed scope (S:C) suggests potential effects beyond the vulnerable component.

The Patchstack advisory provides details on this WordPress plugin vulnerability, including mitigation guidance, accessible at https://patchstack.com/database/Wordpress/Plugin/antideo-email-validator/vulnerability/wordpress-antideo-email-validator-plugin-1-0-10-sql-injection-vulnerability?_s_id=cve.

Details

CWE(s): CWE-89

CVEs Like This One

CVE-2025-49050Shared CWE-89

CVE-2025-70893Shared CWE-89

CVE-2026-3180Shared CWE-89

CVE-2025-1872Shared CWE-89

CVE-2026-32458Shared CWE-89

CVE-2026-24494Shared CWE-89

CVE-2025-26875Shared CWE-89

CVE-2026-26263Shared CWE-89

CVE-2026-30531Shared CWE-89

CVE-2025-7636Shared CWE-89

References

https://patchstack.com/database/Wordpress/Plugin/antideo-email-validator/vulnerability/wordpress-antideo-email-validator-plugin-1-0-10-sql-injection-vulnerability?_s_id=cve
audit@patchstack.com