CVE-2025-15477 | Assigner: Wordfence | Published 2026-02-07 08:26 UTC
State: PUBLISHED | CVE record version 5.2 | CWE-89

The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
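The pattern the advisory describes, shown as an added illustration rather than the plugin's own code: a shortcode handler that interpolates its `category` and `id` attributes into a query, beside a hardened version that casts `id` and binds both values through `$wpdb->prepare()`. The shortcode name, table name and function names below are assumptions.

```php
<?php
// Added illustration (not the Bucketlister plugin's code). The shortcode
// tag `bl_items` and the table `{prefix}bl_items` are assumed.

// VULNERABLE: attribute values are concatenated straight into the SQL text,
// so whoever can place the shortcode in content controls the query.
function bl_items_vulnerable( $atts ) {
    global $wpdb;
    $a   = shortcode_atts( array( 'category' => '', 'id' => '' ), $atts, 'bl_items' );
    $sql = "SELECT name FROM {$wpdb->prefix}bl_items WHERE 1=1";
    if ( '' !== $a['category'] ) {
        $sql .= " AND category = '" . $a['category'] . "'"; // no escaping
    }
    if ( '' !== $a['id'] ) {
        $sql .= " AND id = " . $a['id'];                     // no integer cast
    }
    return esc_html( implode( ', ', $wpdb->get_col( $sql ) ) );
}

// HARDENED: `id` is coerced to a non-negative integer, `category` is bound as
// a string, and the WHERE clause is built from placeholders only.
function bl_items_hardened( $atts ) {
    global $wpdb;
    $a     = shortcode_atts( array( 'category' => '', 'id' => '' ), $atts, 'bl_items' );
    $table = $wpdb->prefix . 'bl_items';
    $where = array();
    $args  = array();
    if ( '' !== $a['category'] ) {
        $where[] = 'category = %s';
        $args[]  = sanitize_text_field( $a['category'] );
    }
    if ( '' !== $a['id'] ) {
        $where[] = 'id = %d';
        $args[]  = absint( $a['id'] );
    }
    $sql = "SELECT name FROM {$table}";
    if ( $where ) {
        // prepare() escapes %s values and formats %d as an integer.
        $sql = $wpdb->prepare( $sql . ' WHERE ' . implode( ' AND ', $where ), $args );
    }
    return esc_html( implode( ', ', $wpdb->get_col( $sql ) ) );
}

add_shortcode( 'bl_items', 'bl_items_hardened' );
```

When reviewing a plugin for this class of bug, grep for `$wpdb->get_results`, `get_col`, `get_var` and `query` calls whose SQL string is built with `.` or `{}` interpolation from `$atts`, `$_GET` or `$_POST` values without a surrounding `prepare()`.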

Problem type

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Vendor: simonfairbairn
Product: The Bucketlister
Versions: <= 0.1.5 - AFFECTED

References

GitHub Security Advisories

GHSA-5m24-m65h-vc6r

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode ...

https://github.com/advisories/GHSA-5m24-m65h-vc6r


JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-15477
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-15477",
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "dateUpdated": "2026-02-07T08:26:41.436Z",
    "dateReserved": "2026-01-07T12:33:47.336Z",
    "datePublished": "2026-02-07T08:26:41.436Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence",
        "dateUpdated": "2026-02-07T08:26:41.436Z"
      },
      "title": "The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
        }
      ],
      "affected": [
        {
          "vendor": "simonfairbairn",
          "product": "The Bucketlister",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "*",
              "status": "affected",
              "versionType": "semver",
              "lessThanOrEqual": "0.1.5"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fba36ebc-a396-4eb8-8cb6-afc50b9c974e?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/the-bucketlister/tags/0.1.5/bucketlister.php#L19"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "timeline": [
        {
          "time": "2025-12-14T00:00:00.000+00:00",
          "lang": "en",
          "value": "Discovered"
        },
        {
          "time": "2026-02-06T20:26:14.000+00:00",
          "lang": "en",
          "value": "Disclosed"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ivan Cese",
          "type": "finder"
        }
      ]
    }
  }
}