## https://sploitus.com/exploit?id=1D922E85-3677-56DB-A3F0-D3BD5024D5D7
# CVE-2025-68055
## Authenticated SQL injection in Hydra Booking Plugin get()` function, Hydra Booking hardcodes user input directly into the raw sql request instead of using **prepare** to sanitize input, leading to Time-Based Blind SQL injection.
### Exploit
A simple run command as such will tell you whether or not the running wordpress instance is vulnerable :
```
./CVE-2025-68055.py
--url
--login
--password
Exploit options :
--list-users
--dump-password
```
Two options are available in the script as for exploitation but one can modify the script or use tools like **SQLMap** to get more specific data out of the database.
Option 1 : By adding `--list-users` the script will exploit the sql injection to dump every entry of the column `user_login` in the wordpress users table.
Option 2 : By adding `--dump-password ` the script will dump the password hash of the requested user (if the user exists)