CVE-2025-9776 | SQL Injection in CatFolders Plugin

TL;DR

This vulnerability has been assigned CVE-2025-9776 and is currently pending full publication details from the National Vulnerability Database (NVD). The vulnerability was discovered and responsibly disclosed by Kai Aizen (SnailSploit).

CVE Disclosures →

Status

Description

Full technical details will be published once the vulnerability information is released by NVD and the affected software vendor has had adequate time to patch and notify users.

Timeline

Discovery: Vulnerability discovered during WordPress plugin security assessment
Disclosure: Responsibly disclosed to plugin developer
CVE Assignment: CVE-2025-9776 assigned
Status: Awaiting NVD publication

Updates

This page will be updated with complete technical details, proof of concept, and remediation guidance once the information is publicly available through NVD.

For the most current information, check the official NVD entry or contact [email protected].

References

Discovered by: Kai Aizen (SnailSploit)

CVE-2026-3288 Config Injection in ingress-nginx CVE-2026-1208 CSRF in Friendly Functions for Welcart CVE-2025-12163 Stored XSS in OmniPress CVE-2025-12030 IDOR in ACF to REST API CVE-2025-11171 Missing Auth in Chartify CVE-2025-11174 Missing Auth in Document Library Lite

@misc{aizen2026cve, author = {Aizen, Kai}, title = {CVE-2025-9776 | SQL Injection in CatFolders Plugin}, year = {2026}, url = {https://snailsploit.com/security-research/cves/cve-2025-9776/}, note = {snailsploit.com} }