{"id":85955,"date":"2025-12-04T03:48:37","date_gmt":"2025-12-04T03:48:37","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-46252-sql-injection-vulnerability-in-kofimokome-message-filter-for-contact-form-7","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46252-sql-injection-vulnerability-in-kofimokome-message-filter-for-contact-form-7\/","title":{"rendered":"CVE-2025-46252: SQL Injection Vulnerability in kofimokome Message Filter for Contact Form 7<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-46252 vulnerability affects the Message Filter for Contact Form 7, a popular plugin for WordPress websites. It involves an SQL Injection vulnerability, which could potentially allow attackers to manipulate SQL queries leading to unauthorized access to sensitive information. This vulnerability could potentially lead to system compromise or data leakage, making its mitigation a high-priority task.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-46252
\nSeverity: High (CVSS: 7.6)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system compromise or data leakage. A successful exploit may allow unauthorized access to sensitive information, system compromise, and data leakage.<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n