Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-58789 PoC — WordPress WP Full Stripe Free Plugin <= 8.2.5 - SQL Injection Vulnerability

Source
https://github.com/quetuan03/CVE-2025-58789
Associated Vulnerability
Title:WordPress WP Full Stripe Free Plugin <= 8.2.5 - SQL Injection Vulnerability (CVE-2025-58789)
Description:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle WP Full Stripe Free wp-full-stripe-free allows SQL Injection.This issue affects WP Full Stripe Free: from n/a through <= 8.2.5.
Description
WordPress WP Full Stripe Free Plugin <= 8.2.5 is vulnerable to SQL Injection
Readme
Sink: The getOrderParameters() function leads to SQL Injection vulnerability in the $orderBy and $order variables.
<img width="1374" height="422" alt="image" src="https://github.com/user-attachments/assets/da81be3f-0d6d-48cb-9236-d47c61cc94f4" />

PoC
<img width="1919" height="1017" alt="image" src="https://github.com/user-attachments/assets/9865ac9d-fbf3-4d6e-8876-0e661478d2a4" />
File Snapshot

 [4.0K]  /data/pocs/73b00170b54c9e966e3942f4e626bb12c1b1e017
└── [ 386]  README.md

1 directory, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →