CVE-2025-68017 HIGH

CVE-2025-68017: WordPress Antideo Email Validator plugin <= 1.0.10 - SQL Injection vulnerability

Vendor Antideo
Product Antideo Email Validator
Weakness CWE-89 · SQLi
Published January 22, 2026
Last update April 28, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01 Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Antideo Email Validator plugin (antideo-email-validator) by Antideo allows Blind SQL Injection. This issue affects Antideo Email Validator: from n/a through <= 1.0.10.

Explanation of Vulnerability in Simple Terms

02 Summary

Antideo Email Validator versions 1.0.10 and earlier contain a SQL injection vulnerability in the email validation logic. An attacker can craft malicious input to execute arbitrary SQL queries against the application's database. The vulnerability requires specific conditions to exploit but can result in unauthorized data access and partial service disruption.

What an attacker can do

03 Attacker Capabilities

Execute SQL queries to read or modify database contents without authorization.

Potential impact on your site

04 Site Impact

An attacker could access sensitive data stored in the database or cause temporary service degradation.

Conditions required to exploit

05 Prerequisites

Network access to the application; specific attack conditions must be met (high complexity).

Key dates

06 Disclosure timeline

January 22, 2026 CVE published
April 28, 2026 Record updated