Get Started

WordPress: Authenticated SQL Injection via wp-addpub Shortcode in WP-Addpub Plugin

by the Hossted team
09.06.2025

In WP-Addpub plugin for WordPress versions up to and including 1.2.8 a medium severity vulnerability CVE-2025-5563 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to extract sensitive information from the database via SQL Injection through the wp-addpub shortcode, due to insufficient input escaping and improper SQL query preparation. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5563.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR