SQL Injection Flaw in Likes and Dislikes Plugin for WordPress
CVE-2025-5287
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 28 May 2025
Badges
What is CVE-2025-5287?
The Likes and Dislikes Plugin for WordPress contains a vulnerability that allows SQL Injection through the 'post' parameter. This occurs due to inadequate escaping of user-supplied input and improper preparation of the SQL query. As a result, unauthenticated attackers can manipulate existing SQL queries to inject arbitrary queries, potentially exposing sensitive data from the database. It is crucial for users of this plugin to apply security measures and check for updates to safeguard their sites.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Likes and Dislikes Plugin * <= 1.0.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
19% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved