This vulnerability (CVE-2025-22350) in WpIndeed Ultimate Learning Pro is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). It allows SQL Injection attacks due to insufficient sanitization of SQL inputs. The vulnerability affects all versions up to 3.9. The CVSS 3.1 base score is 7.6, reflecting network attack vector, low attack complexity, high privileges required, no user interaction, scope changed, high confidentiality impact, no integrity impact, and low availability impact. No official patch or remediation level has been published by the vendor, and no known exploits have been reported.

An attacker with high privileges could exploit this SQL Injection vulnerability to access or manipulate sensitive database information, potentially leading to confidentiality breaches. The vulnerability does not impact data integrity but may cause limited availability issues. The scope of impact extends beyond the vulnerable component, indicating potential broader effects within the application environment.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict high-privilege access to the affected application and monitor for unusual database activity. Avoid exposing the vulnerable application to untrusted networks where possible. Apply any vendor updates promptly once released.