Vulnerability: Unauthenticated Arbitrary SQL Execution in Tax Service Electronic HDM < 1.2.1

Description:
- The plugin lacks authorization and CSRF protection in an AJAX action, allowing unauthenticated users to import and execute SQL statements.

PoC:
- Multi-step payload for privilege escalation within the WordPress database
- Exploitation command via curl

Affected Plugins:
- Tax Service Electronic HDM (fixed in 1.2.1)

References:
- CVE-2025-12061

Classification:
- Type: No Authorization
- OWASP: A5 - Broken Access Control
- CWE: 862
- CVSS: 8.6 (High)

Miscellaneous:
- Original Researcher: Khaled Alenazi
- Verified: Yes
- WPVDB ID: 1015dd69-faa5-4008-8884-f497ff980ed3

Timeline:
- Publicly Published: 2025-11-05
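The two missing controls named in the description (an authorization check and CSRF protection on the AJAX action) map directly onto WordPress's standard AJAX handler pattern. The following is an added illustration of a hardened handler, not code from the affected plugin; the action name `hdm_import_sql`, the table `hdm_records` and its columns are assumed.

```php
<?php
// Added illustration, not the plugin's own code. Hook/action/table names are assumed.

// Register only the authenticated hook. The wp_ajax_nopriv_ variant is what
// exposes an action to logged-out callers, so it is deliberately not added.
add_action( 'wp_ajax_hdm_import_sql', 'hdm_import_sql_handler' );

function hdm_import_sql_handler() {
    // CSRF protection: the client must send a nonce created with
    // wp_create_nonce( 'hdm_import_sql' ); a missing or stale nonce ends the request.
    check_ajax_referer( 'hdm_import_sql', 'nonce' );

    // Authorization: tie the action to a capability, not merely to being logged in.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges' ), 403 );
    }

    // Never run caller-supplied SQL. Accept structured fields and write them
    // through $wpdb->insert(), which escapes values according to the formats given.
    global $wpdb;
    $record = array(
        'tin'    => sanitize_text_field( wp_unslash( $_POST['tin'] ?? '' ) ),
        'amount' => (float) ( $_POST['amount'] ?? 0 ),
    );
    if ( '' === $record['tin'] ) {
        wp_send_json_error( array( 'message' => 'Missing TIN' ), 400 );
    }

    $ok = $wpdb->insert( $wpdb->prefix . 'hdm_records', $record, array( '%s', '%f' ) );
    if ( false === $ok ) {
        wp_send_json_error( array( 'message' => 'Insert failed' ), 500 );
    }
    wp_send_json_success( array( 'id' => $wpdb->insert_id ) );
}
```

For detection, an AJAX action reachable without a session appears in `wp_ajax_nopriv_` registrations; reviewing those hooks for anything that writes to the database is a quick audit of a plugin for this class of bug.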