CVE-2025-10045 | onOffice for WP-Websites Plugin up to 5.7 on WordPress order sql injection

October 15, 2025 Yanac

A vulnerability was found in onOffice for WP-Websites Plugin up to 5.7 on WordPress. It has been declared as critical. This affects an unknown part. The manipulation of the argument order results in sql injection.

This vulnerability is reported as CVE-2025-10045. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More

CVE-2025-10294 | OwnID Passwordless Login Plugin up to 1.3.4 on WordPress ownid_shared_secret improper authentication
CVE-2025-10038 | Binary MLM Plan Plugin up to 3.0 on WordPress Setting bmp_user improper authentication