cleantalk
Vulnerabilities and Security Researches

B1.lt, CVE-2025-6718

CVE, Research URL

CVE-2025-6718

Home page URL

Security reports for B1.lt

Application

B1.lt

Published on
Jul 18, 2025
Research Description
The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands.
Affected versions
Min -, max 2.2.56.
Status
vulnerable
Previous vulnerability researches
SIP Reviews Shortcode for WooCommerce (CVE-2024-6479) , Nov 02, 2024
SIP Reviews Shortcode for WooCommerce (CVE-2024-6480) , Nov 02, 2024
New vulnerability
Master Addons for Elementor (CVE-2025-5284) , Jul 20, 2025
Attachment Manager (CVE-2025-7643) , Jul 19, 2025
B1.lt (CVE-2025-6718) , Jul 19, 2025
B1.lt (CVE-2025-6717) , Jul 19, 2025
Widget for Google Reviews (CVE-2025-53565) , Jul 19, 2025