CVE-2025-6718: CWE-862 Missing Authorization in b1accounting B1.lt
The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands.
AI Analysis
Technical Summary
CVE-2025-6718 is a high-severity vulnerability affecting the B1.lt plugin for WordPress, developed by b1accounting. The vulnerability arises from a missing authorization check on the AJAX action 'b1_run_query' in all versions up to and including 2.2.56. Specifically, the plugin does not verify that the authenticated user holds an appropriate capability before processing the SQL query submitted through this AJAX endpoint. As a result, any authenticated user with at least Subscriber-level access can use this flaw to execute arbitrary SQL commands against the underlying database. The root cause is classified as Missing Authorization (CWE-862); because the endpoint's purpose is to run submitted SQL, the absent check makes it an arbitrary-SQL-execution vector. The vulnerability allows attackers to compromise the confidentiality, integrity, and availability of the WordPress site's data: they can read sensitive information, modify or delete data, or escalate privileges by manipulating database contents such as user and option records. The CVSS v3.1 score of 8.8 reflects the high impact and low attack complexity, since exploitation requires only low privileges and no user interaction beyond authentication. No exploits in the wild have been reported yet, but the presence of this vulnerability in a widely used WordPress plugin poses a significant risk, especially given the popularity of WordPress in Europe. The lack of a patch link indicates that a fix may not yet be publicly available, which increases the urgency of mitigation.
Potential Impact
For European organizations, this vulnerability poses a substantial risk due to the widespread use of WordPress for corporate websites, blogs, and e-commerce platforms. Exploitation could lead to unauthorized data disclosure, including personal data protected under GDPR, resulting in regulatory penalties and reputational damage. Integrity violations could disrupt business operations by altering or deleting critical content or configuration data. Availability could also be impacted if attackers execute destructive SQL commands, potentially causing site outages. Organizations in sectors such as finance, healthcare, and government, which often rely on WordPress for public-facing portals or internal communications, are particularly vulnerable. The ability for low-privileged users to exploit this flaw increases the attack surface, as even compromised or malicious subscriber accounts can be leveraged. This elevates the threat level in environments with large user bases or where user account management is less stringent. Additionally, the potential for privilege escalation through database manipulation could lead to full site compromise, further amplifying the impact.
Mitigation Recommendations
Immediate mitigation steps include restricting or suspending low-privileged (Subscriber-level) accounts, and reviewing which roles can reach the WordPress admin area, until a patch is available. Organizations should audit their user base to remove or limit unnecessary subscriber accounts and enforce strong authentication policies. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block requests targeting the 'b1_run_query' AJAX action, including SQL injection patterns in their parameters, can provide temporary protection. Monitoring logs for unusual database queries or for AJAX requests to this action is critical for early detection. Administrators should subscribe to vendor and security mailing lists to receive updates on patches or official fixes, and apply the patch promptly once it is released. In the interim, consider disabling or removing the B1.lt plugin if it is not critical to operations. Additionally, a thorough security review of all installed plugins, and enforcing minimal privileges for every user role, will reduce the risk of similar vulnerabilities.
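The flaw described above and the fix the mitigation section asks for both come down to one pattern in WordPress plugin code. The following PHP is an added illustrative example written for this page; it is not the B1.lt plugin's code, and every function, action and nonce name in it is hypothetical. It shows the general shape of a logged-in AJAX handler that trusts any authenticated user, beside a hardened version that checks a capability, validates a nonce, and refuses raw SQL from the client in favour of a server-side allow-list of prepared statements.

```php
<?php
// Added example, not the plugin's own code. All names are hypothetical.
// Handlers hooked on 'wp_ajax_{action}' are reachable by ANY logged-in user
// through admin-ajax.php, regardless of whether that user can open wp-admin.

// --- Vulnerable pattern: no authorization, no nonce, raw SQL from the request ---
add_action( 'wp_ajax_example_run_query_unsafe', 'example_run_query_unsafe' );
function example_run_query_unsafe() {
    global $wpdb;
    // A Subscriber can reach this; the request body goes straight to the database.
    $sql  = isset( $_POST['query'] ) ? wp_unslash( $_POST['query'] ) : '';
    $rows = $wpdb->get_results( $sql, ARRAY_A );
    wp_send_json_success( $rows );
}

// --- Hardened pattern ---
add_action( 'wp_ajax_example_run_query', 'example_run_query_checked' );
function example_run_query_checked() {
    global $wpdb;

    // 1. Authorization: require a capability that only trusted roles hold.
    //    This is the check whose absence is CWE-862.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 2. CSRF protection: the nonce must have been issued for this action
    //    (via wp_create_nonce( 'example_run_query_nonce' ) in the admin page).
    check_ajax_referer( 'example_run_query_nonce', 'nonce' );

    // 3. Never accept SQL text from the client. Accept a report identifier that
    //    selects a server-side prepared statement, and bind its parameters.
    $reports = array(
        'recent_posts' => "SELECT ID, post_date FROM {$wpdb->posts}
                           WHERE post_type = %s AND post_date >= %s",
    );
    $name = isset( $_POST['report'] ) ? sanitize_key( $_POST['report'] ) : '';
    if ( ! isset( $reports[ $name ] ) ) {
        wp_send_json_error( array( 'message' => 'unknown report' ), 400 );
    }

    // Parameters are coerced to the expected type before binding.
    $days  = isset( $_POST['days'] ) ? absint( $_POST['days'] ) : 7;
    $since = gmdate( 'Y-m-d H:i:s', time() - $days * DAY_IN_SECONDS );

    $rows = $wpdb->get_results(
        $wpdb->prepare( $reports[ $name ], 'post', $since ),
        ARRAY_A
    );
    wp_send_json_success( $rows );
}
```

Two points follow from the contrast. First, because admin-ajax.php serves every logged-in user, limiting who can open the admin area does not by itself close a missing-capability bug; the capability check must sit inside the handler. Second, the action name in the request (here the hypothetical `example_run_query`, on the real site `b1_run_query`) is the field a WAF rule or log search should key on, since the SQL itself arrives in the POST body and will not appear in an ordinary access log line.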
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-26T13:40:59.684Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6879dc20a83201eaacef6a04
Added to database: 7/18/2025, 5:31:12 AM
Last enriched: 7/18/2025, 5:46:28 AM
Last updated: 8/23/2025, 8:08:27 AM