
CVE-2025-10652: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in robcore89 Robcore Netatmo

Severity: Medium
Tags: vulnerability, cve-2025-10652, cwe-89
Published: Sat Sep 20 2025 (09/20/2025, 01:53:42 UTC)
Source: CVE Database V5
Vendor/Project: robcore89
Product: Robcore Netatmo

Description

The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘module_id’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

AI-Powered Analysis

AI analysis last updated: 09/28/2025, 00:46:42 UTC

Technical Analysis

CVE-2025-10652 is a medium-severity SQL injection vulnerability (CWE-89, improper neutralization of special elements used in an SQL command) in the Robcore Netatmo plugin for WordPress, affecting all versions up to and including 1.7. The 'module_id' attribute of the robcore-netatmo shortcode is not adequately escaped and is not bound through a prepared statement before it is concatenated into an SQL query, so whatever a user types into the attribute becomes part of the query text.

Shortcodes are the reason the required privilege is so low. Any account with the Contributor role can create a draft post containing [robcore-netatmo module_id="..."] and preview it; the shortcode handler, and with it the query, runs when the draft is rendered, with no publishing rights and no action by another user required. That matches the CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (base score 6.5): reachable over the network, low attack complexity, low privileges, no user interaction, unchanged scope, high confidentiality impact and no integrity or availability impact. In practice the attacker appends further SQL to the existing query (a UNION or subquery rather than a second statement, since $wpdb does not run multi-statement queries) to read data from other tables in the same database, such as wp_users with its password hashes, rather than to modify it.

At the time of writing no exploitation in the wild has been reported and no patch has been linked. The root cause is the familiar one in WordPress plugins: user-supplied shortcode attributes are treated as trusted and interpolated into SQL instead of being validated and passed through $wpdb->prepare().
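The following is an added illustrative example, not the Robcore Netatmo plugin's own code and not taken from the advisory. It reconstructs the general pattern the description implies (a shortcode attribute reaching an SQL string without preparation) beside a hardened handler using $wpdb->prepare(). It assumes a WordPress runtime ($wpdb, add_shortcode, shortcode_atts, sanitize_text_field, esc_html), a hypothetical table {$wpdb->prefix}netatmo_modules with columns module_id, name and temperature, and an assumed allow-list pattern for what a benign module_id looks like.

```php
<?php
/**
 * Added illustrative example, not the Robcore Netatmo plugin's own code.
 * Shows a shortcode attribute reaching an SQL string unprepared, beside a
 * hardened handler. Assumes a WordPress runtime and a hypothetical table
 * {$wpdb->prefix}netatmo_modules (module_id, name, temperature).
 */

// VULNERABLE PATTERN: the attribute is concatenated straight into the query.
// A Contributor only has to save [robcore-netatmo module_id="..."] in a draft
// and preview it. A value containing a closing quote followed by further SQL
// rewrites the WHERE clause and can read any table the DB user can see.
// esc_sql() alone would not help either if the value sat unquoted in a
// numeric comparison.
function example_netatmo_vulnerable( $atts ) {
	global $wpdb;
	$atts  = shortcode_atts( array( 'module_id' => '' ), $atts, 'robcore-netatmo' );
	$table = $wpdb->prefix . 'netatmo_modules';
	$sql   = "SELECT name, temperature FROM {$table} WHERE module_id = '" . $atts['module_id'] . "'";
	return example_netatmo_render( $wpdb->get_results( $sql ) );
}

// HARDENED: validate the attribute against the shape a real identifier has,
// then bind it with $wpdb->prepare() so it is always passed as data.
function example_netatmo_hardened( $atts ) {
	global $wpdb;
	$atts      = shortcode_atts( array( 'module_id' => '' ), $atts, 'robcore-netatmo' );
	$module_id = sanitize_text_field( $atts['module_id'] );

	// Allow-list (assumption: Netatmo-style IDs such as 70:ee:50:12:34:56).
	// If the column is an integer, use absint() and the %d placeholder instead.
	if ( ! preg_match( '/^[A-Za-z0-9:_-]{1,32}$/', $module_id ) ) {
		return '';
	}

	$table = $wpdb->prefix . 'netatmo_modules'; // site prefix, not user input
	$rows  = $wpdb->get_results(
		$wpdb->prepare( "SELECT name, temperature FROM {$table} WHERE module_id = %s", $module_id )
	);
	return example_netatmo_render( $rows );
}

// Escape on output as well: stored values may still carry HTML.
function example_netatmo_render( $rows ) {
	$out = '';
	foreach ( (array) $rows as $row ) {
		$out .= sprintf( '<li>%s: %s</li>', esc_html( $row->name ), esc_html( $row->temperature ) );
	}
	return '' === $out ? '' : "<ul>{$out}</ul>";
}

add_shortcode( 'robcore-netatmo', 'example_netatmo_hardened' );
```

The two defences are deliberately layered: the allow-list rejects anything that is not shaped like an identifier before it gets near the database, and prepare() guarantees that even a value which passes validation is sent as a quoted literal rather than query text. Relying on prepare() alone is correct for SQL; the allow-list additionally keeps junk out of logs and error paths.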

Potential Impact

For organizations running WordPress sites with the Robcore Netatmo plugin installed, the risk is to the confidentiality of everything stored in the site's database, not only the plugin's own tables. The injected SQL runs with the privileges of the WordPress database user, so an attacker can typically read wp_users (logins, e-mail addresses, password hashes), wp_options (site configuration and plugin settings, which for an integration plugin of this kind may include API credentials) and unpublished content. Because a Contributor account is enough, the barrier is low: a compromised or malicious contributor, guest author or editorial freelancer can exfiltrate this data without ever publishing anything.

For European organizations that data is personal data under the GDPR, so a successful attack is a reportable breach with the associated regulatory, reputational and financial consequences. The CVSS vector records no integrity or availability impact; the direct effect is leakage rather than defacement or outage, but leaked password hashes and API tokens are the usual stepping stone to credential stuffing, phishing of site users and privilege escalation to Administrator. The most exposed deployments are public-facing sites with several contributor or editor accounts, and organizations in smart building management, IoT services and home automation, where a Netatmo integration is most likely to be installed.

Mitigation Recommendations

Start by inventorying WordPress installations for the Robcore Netatmo plugin and its version (the Plugins screen, or wp plugin list on the command line); every version up to and including 1.7 is affected. As no patched release is linked at the time of writing, the cleanest mitigation is to delete the plugin. Deactivating it also stops the shortcode handler from being registered, so the shortcode no longer executes, but leaves the code on disk. Watch the plugin's page in the WordPress plugin directory for a release above 1.7 and apply it promptly.

If the plugin must stay active, reduce who can exploit it: review all accounts with the Contributor role or higher, remove stale ones, enforce strong passwords and multi-factor authentication on them, and, if registration is open, make sure the New User Default Role setting is not Contributor or higher. Place any WAF rule on the right request. The malicious value is stored in post content and executed when the post is rendered or previewed, so a rule that only inspects page views will not see it; it has to inspect post create and update requests (wp-admin/post.php and the REST endpoints under /wp-json/wp/v2/posts) for a robcore-netatmo shortcode whose module_id contains SQL metacharacters. Treat such rules as a detection aid rather than a fix, since pattern matching is easily evaded.

Hunt for existing abuse by querying wp_posts.post_content across all post statuses and types, drafts and revisions included, for robcore-netatmo shortcodes whose module_id is not a plain identifier, and check which author created them and when. If you maintain a fork of the plugin, fix the handler itself: validate the attribute (cast to integer or match an allow-list pattern) and pass it through $wpdb->prepare() with a %d or %s placeholder; escaping alone is not sufficient. A temporary MySQL general query log, or a query-logging plugin on a staging copy, will show UNION-style statements arriving through the plugin's query.

Finally, treat a confirmed injection as a credential breach: force a password reset for all users, rotate any API keys or tokens held in wp_options, and make sure backups and incident-response runbooks cover data leakage from the WordPress database, not only defacement or outage.
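The hunt described above, as an added example that is not part of the advisory or the plugin: a standalone PHP script that scans post rows for robcore-netatmo shortcodes whose module_id does not look like a plain identifier. The rows are constructed here; in a real hunt feed it the result of the query in $hunt_sql, run with a read-only database account or wp db query. The allow-list pattern and the column layout of the hypothetical results are assumptions.

```php
<?php
/**
 * Added hunting example, not the plugin's code. Flags [robcore-netatmo ...]
 * shortcodes whose module_id fails a benign-identifier allow-list. The post
 * rows below are constructed; the allow-list pattern is an assumption.
 */

// Pull every post, including drafts and revisions: a Contributor only needs
// to preview a draft for the shortcode to run, so do not filter on status.
$hunt_sql = "SELECT ID, post_author, post_status, post_type, post_content
             FROM wp_posts WHERE post_content LIKE '%[robcore-netatmo%'";

const BENIGN_MODULE_ID = '/^[A-Za-z0-9:_-]{1,32}$/'; // assumption; tune to your data

/** Return the module_id value of every robcore-netatmo shortcode in $content. */
function extract_module_ids( string $content ): array {
	$ids = array();
	if ( ! preg_match_all( '/\[robcore-netatmo(?=[\s\]\/])([^\]]*)\]/i', $content, $tags ) ) {
		return $ids;
	}
	foreach ( $tags[1] as $attr_string ) {
		// Accept attr="value", attr='value' or attr=value, as WordPress's own
		// shortcode_parse_atts() does. Only one capture group is ever set.
		if ( preg_match( '/\bmodule_id\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|(\S+))/i', $attr_string, $m ) ) {
			$ids[] = ( $m[1] ?? '' ) . ( $m[2] ?? '' ) . ( $m[3] ?? '' );
		}
	}
	return $ids;
}

/** Return one record per shortcode whose module_id is not a plain identifier. */
function find_suspicious_shortcodes( array $rows ): array {
	$hits = array();
	foreach ( $rows as $row ) {
		foreach ( extract_module_ids( (string) $row['post_content'] ) as $id ) {
			if ( '' !== $id && ! preg_match( BENIGN_MODULE_ID, $id ) ) {
				$hits[] = array(
					'ID'          => $row['ID'],
					'post_author' => $row['post_author'],
					'post_status' => $row['post_status'],
					'module_id'   => $id,
				);
			}
		}
	}
	return $hits;
}

// Constructed sample rows standing in for the result of $hunt_sql.
$rows = array(
	array( 'ID' => 101, 'post_author' => 2, 'post_status' => 'publish',
	       'post_content' => 'Indoor: [robcore-netatmo module_id="70:ee:50:12:34:56"]' ),
	array( 'ID' => 102, 'post_author' => 7, 'post_status' => 'draft',
	       'post_content' => "[robcore-netatmo module_id=\"x' OR 1=1 -- \"] test" ),
	array( 'ID' => 103, 'post_author' => 7, 'post_status' => 'draft',
	       'post_content' => '[robcore-netatmo module_id=12 unit="c"]' ),
);

foreach ( find_suspicious_shortcodes( $rows ) as $hit ) {
	printf( "post %d (author %d, %s): module_id=%s\n",
		$hit['ID'], $hit['post_author'], $hit['post_status'], $hit['module_id'] );
}
```

Only post 102 is reported: its module_id holds a quote, spaces and a comment marker, none of which a device identifier contains, while the MAC-style value in post 101 and the bare integer in post 103 pass. Any hit should be read together with the author's login history and the post's revision trail, since a Contributor who planted such a shortcode has already had the chance to preview it.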


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-09-17T19:13:13.559Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68ce0ffa4b8a032c4fafda28

Added to database: 9/20/2025, 2:22:50 AM

Last enriched: 9/28/2025, 12:46:42 AM

Last updated: 11/2/2025, 10:55:43 AM

