CVE-2025-68060: High-Severity SQL Injection in WPMart Team Member Plugin
The National Vulnerability Database has disclosed CVE-2025-68060, a critical SQL Injection vulnerability within the WPMart Team Member plugin. This flaw, rated High with a CVSS score of 7.6, allows for Blind SQL Injection. The vulnerability impacts versions up to and including 8.5, presenting a significant risk to websites utilizing this plugin.
Attackers can exploit this weakness by injecting malicious SQL commands, potentially leading to unauthorized data access or manipulation. Given the nature of SQL Injection, defenders must assume that any instance of this plugin running version 8.5 or older is potentially compromised and warrants immediate investigation. The lack of specified affected products in the NVD entry means the scope could be broader than just the plugin name itself.
Organizations running the WPMart Team Member plugin should prioritize updating to a patched version immediately. For those unable to update, implementing strict input validation and parameterized queries at the application layer can serve as a mitigating control. Furthermore, reviewing database logs for suspicious SQL queries is paramount to detect potential exploitation.
What This Means For You
- If your organization uses the WPMart Team Member plugin, check the installed version immediately. If it's 8.5 or older, patch it to the latest version or, at minimum, implement stringent input sanitization and monitor database logs for anomalous activity.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2025-68060: WPMart Team Member Plugin SQL Injection Attempt
title: CVE-2025-68060: WPMart Team Member Plugin SQL Injection Attempt
id: scw-2026-05-07-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2025-68060 in the WPMart Team Member plugin. The vulnerability allows for blind SQL injection. This rule looks for requests targeting the wp-team-member plugin directory with common SQL injection keywords within the query string.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-68060/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri:
- '/wp-content/plugins/wp-team-member/'
cs-uri-query|contains:
- 'id='; 'union'; 'select'; 'from'; 'where'; 'sleep'; 'benchmark'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-68060 | SQLi | WPMart Team Member plugin |
| CVE-2025-68060 | SQLi | WPMart Team Member version 8.5 and earlier |
| CVE-2025-68060 | SQLi | CWE-89 Improper Neutralization of Special Elements used in an SQL Command |
| CVE-2025-68060 | SQLi | Blind SQL Injection |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 07, 2026 at 12:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-44407 — Denial of Service
CVE-2026-44407 — A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service....
CVE-2026-27421 — WProyal Royal Elementor Addons Cross-Site Scripting (XSS)
CVE-2026-27421 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal...
CVE-2026-27416 — BPlugins PDF Poster Vulnerability
CVE-2026-27416 — Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through...