{"id":"CVE-2025-1986","details":"The Gutentor  WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","modified":"2026-03-12T17:37:17.260532Z","published":"2025-04-01T06:15:48.047Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/f1414750-19ee-4a5d-b255-a9c20168b716/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.7"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1986.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"}]}