Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for دکمه، شبکه اجتماعی خرید by AliRezaMohammadi

    CVE-2025-30570 (GCVE-0-2025-30570)

    Vulnerability from nvd – Published: 2025-03-24 13:47 – Updated: 2026-04-28 16:11
    VLAI
    Title
    WordPress دکمه، شبکه اجتماعی خرید plugin <= 2.0.6 - SQL Injection Vulnerability
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AliRezaMohammadi دکمه، شبکه اجتماعی خرید dokme allows SQL Injection.This issue affects دکمه، شبکه اجتماعی خرید: from n/a through <= 2.0.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Date Public
    2026-04-01 16:36
    Credits
    kuteminh11 - VNPT Cyber Immunity | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T18:22:26.501208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T18:22:34.552Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "dokme",
              "product": "\u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f",
              "vendor": "AliRezaMohammadi",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kuteminh11 - VNPT Cyber Immunity | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:36:30.826Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in AliRezaMohammadi \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f dokme allows SQL Injection.\u003cp\u003eThis issue affects \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f: from n/a through \u003c= 2.0.6.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in AliRezaMohammadi \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f dokme allows SQL Injection.This issue affects \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f: from n/a through \u003c= 2.0.6."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:11:54.360Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/dokme/vulnerability/wordpress-d-mh-shb-h-gtm-aa-khr-d-2-0-6-sql-injection-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f plugin \u003c= 2.0.6 - SQL Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-30570",
        "datePublished": "2025-03-24T13:47:04.976Z",
        "dateReserved": "2025-03-24T13:00:15.938Z",
        "dateUpdated": "2026-04-28T16:11:54.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30570 (GCVE-0-2025-30570)

    Vulnerability from cvelistv5 – Published: 2025-03-24 13:47 – Updated: 2026-04-28 16:11
    VLAI
    Title
    WordPress دکمه، شبکه اجتماعی خرید plugin <= 2.0.6 - SQL Injection Vulnerability
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AliRezaMohammadi دکمه، شبکه اجتماعی خرید dokme allows SQL Injection.This issue affects دکمه، شبکه اجتماعی خرید: from n/a through <= 2.0.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Date Public
    2026-04-01 16:36
    Credits
    kuteminh11 - VNPT Cyber Immunity | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T18:22:26.501208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T18:22:34.552Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "dokme",
              "product": "\u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f",
              "vendor": "AliRezaMohammadi",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kuteminh11 - VNPT Cyber Immunity | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:36:30.826Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in AliRezaMohammadi \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f dokme allows SQL Injection.\u003cp\u003eThis issue affects \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f: from n/a through \u003c= 2.0.6.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in AliRezaMohammadi \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f dokme allows SQL Injection.This issue affects \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f: from n/a through \u003c= 2.0.6."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:11:54.360Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/dokme/vulnerability/wordpress-d-mh-shb-h-gtm-aa-khr-d-2-0-6-sql-injection-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f plugin \u003c= 2.0.6 - SQL Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-30570",
        "datePublished": "2025-03-24T13:47:04.976Z",
        "dateReserved": "2025-03-24T13:00:15.938Z",
        "dateUpdated": "2026-04-28T16:11:54.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }