cleantalk
Vulnerabilities and Security Researches

B1.lt, CVE-2025-6718

CVE, Research URL

CVE-2025-6718

Home page URL

Security reports for B1.lt

Application

B1.lt

Published on
Jul 18, 2025
Research Description
The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands.
Affected versions
Min -, max 2.2.56.
Status
vulnerable
Previous vulnerability researches
Share Buttons – Social Media (CVE-2024-51845) , Nov 12, 2024
Share Buttons – Social Media (CVE-2024-55982) , Dec 18, 2024
New vulnerability
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7697) , Jul 21, 2025
Subscribe to Comments (CVE-2015-10133) , Jul 21, 2025
Connect to external APIs | Custom endpoints for WP (CVE-2025-54048) , Jul 21, 2025
Front-end Editor (CVE-2012-10019) , Jul 21, 2025
JetFormBuilder — Dynamic Blocks Form Builder (CVE-2025-53990) , Jul 20, 2025