CVE-2025-28254

Database vulnerability - WordPress

High CVSS Score: 7.8 Published: 2025-05-16

Description

A remote code execution vulnerability in WordPress Database allows attackers to access sensitive information. This affects versions prior to 7.75.5.

Affected Systems

Vendor WordPress
Product Database
Affected Versions < 13.47
CWE ID CWE-125

Mitigation

As a workaround, disable the affected feature until a patch is available.

Fix Instructions

1. Update Database to the latest version
2. Apply vendor patch when available
3. Implement network segmentation
4. Monitor for exploitation attempts

References

Risk Assessment

CVSS: 7.8/10

Exploit Available Yes
Patch Available Yes

Need Help Patching?

Our security team can help assess and remediate this vulnerability in your environment.

Get Help

Related Vulnerabilities

low

CVE-2024-87502

Browser...
medium

CVE-2024-99702

HTTP Server...
high

CVE-2024-87353

Database...
high

CVE-2024-70272

Database...
low

CVE-2025-74268

Database...
medium

CVE-2024-31155

Database Server...

Stay Ahead of Threats

Subscribe to our vulnerability feed and get instant alerts when new CVEs affect your systems.

Start Monitoring