SQL Injection Vulnerability in ResAds by Web-MV
CVE-2025-23779

7.6HIGH

Key Information:

Vendor: WordPress
Status: Resads
Vendor: CVE Published:; 16 January 2025

Summary

The ResAds plugin by Web-MV is susceptible to an SQL Injection vulnerability, allowing attackers to manipulate SQL queries by injecting malicious code. This security flaw can lead to unauthorized data access or modification, posing serious risks to the integrity of the database. Affected versions of the ResAds plugin extend from an unspecified version up to version 2.0.5, necessitating immediate attention from users to mitigate potential threats.

Affected Version(s)

ResAds <= 2.0.5

References

https://patchstack.com/database/wordpress/plugin/resads/v...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)