Cross-Site Request Forgery in EZ SQL Reports Shortcode Widget and DB Backup for WordPress
CVE-2025-2319

8.8HIGH

Key Information:

Vendor

WordPress
Status
Ez Sql Reports Shortcode Widget And Db Backup
Vendor
CVE Published:
25 March 2025

What is CVE-2025-2319?

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is susceptible to Cross-Site Request Forgery. This vulnerability arises from inadequate nonce validation within the 'ELISQLREPORTS_menu' function, allowing unauthenticated attackers to potentially execute unauthorized commands on the server. By deceiving a site administrator into clicking a malicious link, an attacker could exploit this vulnerability. The issue is mitigated in version 5.25.10, which introduces necessary nonce checks, limiting exploitation to admin users only.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 <= 5.25.08

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/elisqlreports/...
https://plugins.trac.wordpress.org/browser/elisqlreports/...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lucky_buddy
JSON
.