
CVE-2025-39595 – WordPress Quentn WP <= 1.2.8 - SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-39595
17 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8. The Quentn WP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL qu... • https://patchstack.com/database/wordpress/plugin/quentn-wp/vulnerability/wordpress-quentn-wp-1-2-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-39596 – WordPress Quentn WP <= 1.2.8 - Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-39596
17 Apr 2025 — Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8. The Quentn WP plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.8. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator. • https://patchstack.com/database/wordpress/plugin/quentn-wp/vulnerability/wordpress-quentn-wp-1-2-8-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management • CWE-1390: Weak Authentication