CVE-2025-13370 | ProjectList Plugin up to 0.3.0 on WordPress ID sql injection

November 25, 2025 Yanac

A vulnerability, which was classified as critical, was found in ProjectList Plugin up to 0.3.0 on WordPress. This vulnerability affects unknown code. The manipulation of the argument ID results in sql injection.

This vulnerability was named CVE-2025-13370. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More

CVE-2025-13385 | Bookme Plugin up to 4.2 on WordPress filter[status] sql injection
CVE-2025-13405 | Ace Post Type Builder Plugin up to 1.9 on WordPress cptb_delete_custom_taxonomy authorization