cleantalk
Vulnerabilities and Security Researches

WP Employee Attendance System, CVE-2025-28972

CVE, Research URL

CVE-2025-28972

Home page URL

Security reports for WP Employee Attendance System

Application

WP Employee Attendance System

Published on
Jun 17, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System allows Blind SQL Injection. This issue affects WP Employee Attendance System: from n/a through 3.5.
Affected versions
Min -, max 3.5.
Status
vulnerable
Previous vulnerability researches
Ivory Search – WordPress Search Plugin (CVE-2022-4974) , Nov 15, 2024
Ivory Search – WordPress Search Plugin (CVE-2021-36869) , Jun 06, 2024
Ivory Search – WordPress Search Plugin (CVE-2021-24234) , Jun 06, 2024
Ivory Search – WordPress Search Plugin (CVE-2024-3233) , Jun 06, 2024
Ivory Search – WordPress Search Plugin (CVE-2021-25105) , Jun 06, 2024
New vulnerability
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-49872) , Jun 19, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-49857) , Jun 19, 2025
WP Dummy Content Generator (CVE-2025-49234) , Jun 19, 2025
Table of Contents Plus , Jun 19, 2025
WP Employee Attendance System (CVE-2025-28972) , Jun 18, 2025