CVE-2025-67928 CRITICAL

CVE-2025-67928: WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability

Vendor Themesuite

Product Automotive Listings

Weakness CWE-89 · SQLi

Published January 8, 2026

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection.This issue affects Automotive Listings: from n/a through <= 18.6.

Key dates

02Disclosure timeline

January 8, 2026 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-67928

Related vulnerabilities

04Related CVE

CVE-2025-2657 projectworlds Apartment Visitors Management System front.php sql injection CVE-2026-2012 itsourcecode Student Management System index.php sql injection CVE-2024-12943 CodeAstro House Rental Management System ownersignup.php sql injection CVE-2025-6364 code-projects Simple Pizza Ordering System adduser-exec.php sql injection CVE-2023-1847 SourceCodester Online Payroll System attendance.php sql injection