CVE-2025-14124
Team < 5.0.11 - Unauthenticated SQLiThe Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
We have discovered 2,493 live websites that are affected by CVE-2025-14124.
Affected Software
| Product |  Tlp Team |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2,493 live websites (59% of Tlp Team install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 53 versions ( 95% of all versions) |
Common Weakness Enumeration
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')Details
- Published - Jan 5, 2026
- Updated - Jan 5, 2026
Credits
- Alex Tselevich (nos3curity) (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-14124 United States | 756 websites |
 Germany | 290 websites |
 GB | 159 websites |
 India | 108 websites |
 France | 101 websites |
 Italy | 80 websites |
 Netherlands | 78 websites |
 Switzerland | 59 websites |
 Canada | 57 websites |
 Denmark | 54 websites |
Website Distribution by TLD
Number of websites using CVE-2025-14124| .com | 805 websites |
| .org | 352 websites |
| .de | 169 websites |
| .co.uk | 85 websites |
| .nl | 70 websites |
| .it | 56 websites |
| .ch | 53 websites |
| .at | 50 websites |
| .fr | 44 websites |
| .net | 39 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-14124
Top websites that are affected by CVE-2025-14124. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.***.***.com |  Singapore | **,*** | |
| ***********.com | United States | **,*** | |
| *****.org | United States | ***,*** | |
| ****************.fr | United States | ***,*** | |
| ********************.org | United States | ***,*** | |
| ****.pk |  Pakistan | ***,*** | |
| ************.com | United States | ***,*** | |
| ***************.com | GB | ***,*** | |
| ******************.org | United States | ***,*** | |
| *************.com | GB | ***,*** |
FAQ
CVE-2025-14124 is Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Tlp Team
A total of 2,493 websites have been identified as vulnerable to CVE-2025-14124, based on global website indexing conducted by WebTechSurvey.
The Tlp Team is affected by the CVE-2025-14124 vulnerability.
Tlp Team versions up to 5.0.11 are vulnerable to CVE-2025-14124.
CVE-2025-14124 is resolved in version 5.0.11 of Tlp Team.