Split Test For Elementor Vulnerability (Medium) – CVE-2025-32204


Mar 18, 2026 | Plugins

Attack Vectors

CVE-2025-32204 is a Medium-severity vulnerability (CVSS 4.9) affecting the WordPress plugin Split Test For Elementor (slug: split-test-for-elementor) in versions <= 1.8.3.

This issue is an authenticated SQL Injection, meaning an attacker must be logged in with at least Editor-level access (or higher) to exploit it. In practical terms, the primary risk scenario is not “random internet scanning,” but insider misuse, compromised staff accounts, shared credentials, or a separately breached plugin/account that grants an attacker Editor+ access.

More details: see the CVE record and the Wordfence advisory (vendor intelligence).

Security Weakness

The vulnerability is caused by insufficient escaping of a user-supplied parameter and a lack of proper preparation of an existing SQL query (the value is not safely bound into the query) in Split Test For Elementor versions up to 1.8.3. This can allow an authenticated attacker (Editor+) to append additional SQL to existing database queries.

From a governance and compliance perspective, the key takeaway is that trusted roles (Editor and above) become a high-value target. Even if your organization has strong perimeter controls, a single compromised Editor credential could be leveraged to query sensitive database content through this weakness.

Technical or Business Impacts

Because the CVSS vector indicates high confidentiality impact (C:H) with no direct integrity or availability impact stated (I:N/A:N), the most material risk is data exposure rather than site defacement or downtime. Depending on what is stored in your WordPress database, this can include business-sensitive content, user data, email addresses, internal metadata, and other information that may support follow-on attacks (phishing, account takeovers, competitive intelligence, or fraud).

For marketing and executive stakeholders, the business consequences can include brand and trust damage, regulatory/compliance exposure (if personal data is involved), and incident response costs (forensics, legal review, customer communications, and potential notification obligations).

Remediation: Update Split Test For Elementor to version 1.8.4 or any newer patched version. Also review who has Editor+ access, remove unused accounts, enforce strong passwords and MFA where possible, and monitor for unusual admin/editor activity.
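To act on the remediation advice above, here is an added triage script (not the plugin's or the advisory's own code): it checks whether the installed split-test-for-elementor version is at or below 1.8.3 and lists every account holding an Editor or Administrator role. The sample inputs are constructed inline and shaped like the JSON that `wp plugin list --format=json` and `wp user list --format=json` print (the field names are an assumption); on a real site, feed it those commands' output instead.

```python
import json
import re

# Constructed sample data, shaped like `wp plugin list --format=json` and
# `wp user list --format=json` output (field names are an assumption).
PLUGINS_JSON = '''[
  {"name": "split-test-for-elementor", "status": "active", "update": "available", "version": "1.8.3"},
  {"name": "elementor", "status": "active", "update": "none", "version": "3.20.1"}
]'''
USERS_JSON = '''[
  {"ID": 1, "user_login": "admin", "user_email": "admin@example.test", "roles": "administrator"},
  {"ID": 7, "user_login": "jdoe", "user_email": "jdoe@example.test", "roles": "editor"},
  {"ID": 9, "user_login": "writer", "user_email": "writer@example.test", "roles": "author"},
  {"ID": 12, "user_login": "old-agency", "user_email": "ops@agency.test", "roles": "editor,shop_manager"}
]'''

AFFECTED_SLUG = "split-test-for-elementor"
LAST_VULNERABLE = "1.8.3"                  # versions <= this are affected (CVE-2025-32204)
EDITOR_PLUS = {"editor", "administrator"}  # roles that can reach the injection

def parse_version(v):
    """Numeric tuple so 1.8.10 sorts after 1.8.3 (a string compare would not).
    A non-numeric suffix such as '1.8.3-beta' is ignored, which errs on the side
    of reporting the install as affected."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)

def is_affected(plugins, slug=AFFECTED_SLUG, last_vulnerable=LAST_VULNERABLE):
    """Return the installed version if the plugin is present at an affected version, else None."""
    for p in plugins:
        if p.get("name") == slug and "version" in p:
            if parse_version(p["version"]) <= parse_version(last_vulnerable):
                return p["version"]
    return None

def editor_plus_accounts(users, roles=EDITOR_PLUS):
    """Accounts holding any Editor+ role: the ones to review for this CVE."""
    out = []
    for u in users:
        held = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        if held & roles:
            out.append((u["user_login"], u["user_email"], sorted(held & roles)))
    return out

def triage(plugins_json=PLUGINS_JSON, users_json=USERS_JSON):
    plugins, users = json.loads(plugins_json), json.loads(users_json)
    return {"affected_version": is_affected(plugins), "editor_plus": editor_plus_accounts(users)}

if __name__ == "__main__":
    result = triage()
    if result["affected_version"]:
        print(f"{AFFECTED_SLUG} {result['affected_version']} is affected: update to 1.8.4 or newer")
    for login, email, held in result["editor_plus"]:
        print(f"review Editor+ account {login} <{email}> roles={held}")
```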

Similar Attacks (real-world examples): SQL injection has been a root cause in several major breaches, including TalkTalk (2015), Heartland Payment Systems (2008), and Equifax (2017).
