CVE-2025-6717: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in b1accounting B1.lt
The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
AI Analysis
Technical Summary
CVE-2025-6717 is a medium-severity SQL Injection vulnerability affecting the B1.lt plugin for WordPress, versions up to and including 2.2.56. The vulnerability arises from improper neutralization of special elements in SQL commands (CWE-89), specifically due to insufficient escaping and lack of prepared statements for the 'id' parameter. Authenticated attackers with Subscriber-level access or higher can exploit this flaw by injecting additional SQL queries appended to existing ones. This can lead to unauthorized extraction of sensitive database information, compromising confidentiality. The vulnerability does not require user interaction beyond authentication, and the attack vector is network-based, allowing remote exploitation. The CVSS 3.1 score is 6.5, reflecting a medium severity with high confidentiality impact but no impact on integrity or availability. No known exploits are currently in the wild. The vulnerability was published on July 18, 2025, and affects all versions of the B1.lt plugin up to 2.2.56. The root cause is the failure to properly sanitize and parameterize user input in SQL queries, a common and critical security oversight in web applications. This flaw enables attackers to bypass intended access controls and extract sensitive data from the backend database, potentially including user credentials, financial data, or other confidential information stored by the plugin.
Potential Impact
For European organizations using WordPress with the B1.lt plugin, this vulnerability poses a significant risk to data confidentiality. Since the plugin is related to accounting, sensitive financial and transactional data could be exposed if exploited. The requirement for authenticated access reduces the attack surface but does not eliminate risk, as Subscriber-level accounts are commonly available or can be compromised through phishing or credential stuffing. Data breaches resulting from this vulnerability could lead to regulatory penalties under GDPR due to unauthorized disclosure of personal or financial data. Additionally, reputational damage and loss of customer trust are likely consequences. The lack of impact on integrity and availability means the threat primarily concerns data leakage rather than data manipulation or service disruption. However, the extracted data could be used for further attacks or fraud. Organizations relying on this plugin for financial operations should consider the risk high enough to prioritize remediation, especially given the sensitivity of accounting data and the regulatory environment in Europe.
Mitigation Recommendations
1. Immediate upgrade or patching: Organizations should update the B1.lt plugin to a version where this vulnerability is fixed once available. If no patch exists yet, consider disabling the plugin temporarily to mitigate risk.
2. Access control tightening: Restrict Subscriber-level access and review user roles to minimize the number of accounts that could exploit this vulnerability.
3. Web application firewall (WAF): Deploy or update WAF rules to detect and block SQL injection attempts targeting the 'id' parameter in requests to the plugin.
4. Input validation and parameterization: Developers should refactor the plugin code to use prepared statements with parameterized queries for all database interactions involving user input, eliminating direct concatenation of input into SQL commands.
5. Monitoring and logging: Enable detailed logging of database queries and web requests to detect suspicious activity indicative of SQL injection attempts.
6. Credential hygiene: Enforce strong authentication policies and monitor for compromised accounts that could be leveraged to exploit this vulnerability.
7. Incident response readiness: Prepare to respond to potential data breaches by having data breach notification and mitigation plans aligned with GDPR requirements.
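The following is an added illustration of recommendation 4 and is not the B1.lt plugin's own code: a hypothetical WordPress admin-ajax handler that looks up a record by the 'id' request parameter, shown first in the concatenating form that the CWE-89 description corresponds to, then hardened with type validation, a capability check and $wpdb->prepare(). The table name, action name and capability are assumptions chosen for the example.

```php
<?php
// Added example, not code from the B1.lt plugin. The table name
// {$wpdb->prefix}b1_items, the AJAX action name and the capability are
// hypothetical placeholders.

// BEFORE: the pattern the advisory describes. The raw 'id' value is
// concatenated into the SQL string with no escaping and no prepare(), so
// whatever the request carries in 'id' becomes part of the query text.
function b1_example_lookup_vulnerable() {
    global $wpdb;
    $id  = $_GET['id']; // untrusted input used verbatim
    $sql = "SELECT * FROM {$wpdb->prefix}b1_items WHERE id = " . $id;
    return $wpdb->get_results( $sql );
}

// AFTER: the value can no longer change the structure of the query, and a
// Subscriber-level account no longer reaches the handler at all.
function b1_example_lookup_hardened() {
    global $wpdb;

    // Require a capability appropriate to accounting data (hypothetical choice);
    // the advisory notes that Subscriber-level access was enough to reach the query.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Reject forged cross-site requests (nonce action name is hypothetical).
    check_ajax_referer( 'b1_example_lookup' );

    // 'id' is an integer key: absint() yields a non-negative integer and nothing else.
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // %d binds the value as an integer placeholder; no string concatenation.
    $sql  = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}b1_items WHERE id = %d",
        $id
    );
    $rows = $wpdb->get_results( $sql );
    wp_send_json_success( $rows );
}

add_action( 'wp_ajax_b1_example_lookup', 'b1_example_lookup_hardened' );
```

The same pattern applies to any other request parameter the plugin passes to the database: validate the type first, then bind it with a prepare() placeholder rather than interpolating it.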
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-26T13:37:23.294Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6879dc20a83201eaacef6a00
Added to database: 7/18/2025, 5:31:12 AM
Last enriched: 7/18/2025, 5:47:21 AM
Last updated: 8/27/2025, 7:20:16 PM