PT-2025-12780 · WordPress · Ez Sql Reports Shortcode Widget+1

Lucky_Buddy · Published 2025-03-25 · Updated 2025-03-30 · CVE-2025-2319

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress, versions 4.11.13 through 5.25.08.

Description: The issue is a Cross-Site Request Forgery (CSRF) caused by missing or incorrect nonce validation in the ELISQLREPORTS menu function. It allows unauthenticated attackers to execute code on the server via a forged request if they can trick a site administrator into performing an action. Version 5.25.10 adds a nonce check, which limits exploitability to administrators only.

Recommendations: For versions 4.11.13 through 5.25.08, upgrade to version 5.25.10, which adds the nonce check and limits the vulnerability's exploitability. As a temporary workaround, restrict access to the ELISQLREPORTS menu function until the upgrade to version 5.25.10 is applied.
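The advisory's root cause is a WordPress admin-menu handler that accepts a POST without verifying a nonce. The following is an added illustration written for this page, not the plugin's own code: a generic admin-page handler in the vulnerable shape (no `check_admin_referer()` call) beside the hardened shape that the 5.25.10 fix corresponds to (a capability check plus a nonce bound to one action). All `example_*` function names, the option key and the form field are hypothetical placeholders; the WordPress API calls (`add_menu_page`, `wp_nonce_field`, `check_admin_referer`, `current_user_can`, `update_option`) are the real ones.

```php
<?php
// Added illustration (not the plugin's code). Every example_* name, the
// 'report_sql' field and the 'example_saved_report' option are placeholders.

// --- Vulnerable shape: the handler trusts any POST that reaches it -----------
function example_vulnerable_menu_page() {
    if ( isset( $_POST['report_sql'] ) ) {
        // No check_admin_referer(): a form auto-submitted from another site
        // arrives with the administrator's cookies and is processed as if the
        // administrator had filled it in. This is the CSRF the advisory describes.
        example_store_report( wp_unslash( $_POST['report_sql'] ) );
    }
    echo '<form method="post"><textarea name="report_sql"></textarea>';
    echo '<button type="submit">Save</button></form>';
}

// --- Hardened shape: capability check + action-specific nonce -----------------
function example_hardened_menu_page() {
    // Authorization: only users who may manage the site reach this handler.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ) );
    }
    if ( isset( $_POST['report_sql'] ) ) {
        // Intent: the nonce is tied to this user, this action and a short
        // lifetime. A missing, stale or cross-user nonce stops execution with
        // WordPress's "The link you followed has expired" page.
        check_admin_referer( 'example_save_report', 'example_nonce' );
        // Sanitization appropriate to the real use of the value would go here.
        example_store_report( wp_unslash( $_POST['report_sql'] ) );
    }
    echo '<form method="post">';
    // Emits the hidden nonce field (and the _wp_http_referer field).
    wp_nonce_field( 'example_save_report', 'example_nonce' );
    echo '<textarea name="report_sql"></textarea>';
    echo '<button type="submit">Save</button></form>';
}

// Placeholder for whatever the real handler does with the submitted value.
function example_store_report( $sql ) {
    update_option( 'example_saved_report', $sql );
}

// Register the hardened page; 'manage_options' limits the menu to admins,
// which is what the advisory means by "limits exploitability to admins only".
add_action( 'admin_menu', function () {
    add_menu_page(
        'Example Reports', 'Example Reports', 'manage_options',
        'example-reports', 'example_hardened_menu_page'
    );
} );
```

To confirm a handler is protected, submit the admin form once normally (it should succeed) and once after deleting the hidden nonce field from the form; the second submission must be rejected before any state changes. Note that the capability check alone does not stop CSRF, because the forged request is issued by the administrator's own browser; the nonce is what proves the request originated from the plugin's own form.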

Tags: Fix, CSRF


Weakness Enumeration

Related Identifiers: CVE-2025-2319

Affected Products: Db Backup; Ez Sql Reports Shortcode Widget