PT-2025-42300 · WordPress · Wp Jquery Pager

Peter Thaleikis · Published 2025-10-15 · Updated 2025-10-15 · CVE-2025-10575

CVSS v3.1

6.5

Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

WP jQuery Pager plugin versions through 1.4.0

Description

The WP jQuery Pager plugin for WordPress is susceptible to SQL Injection through the 'ids' shortcode attribute parameter. This is due to inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query within the WPJqueryPaged::get_gallery_page_imgs() function. Authenticated attackers with Contributor-level access or higher can append additional SQL queries to existing ones, potentially extracting sensitive information from the database.

Recommendations

Update the WP jQuery Pager plugin to a version newer than 1.4.0.
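
For sites that maintain their own shortcodes, the sketch below shows the class of fix the description points to: validate an 'ids' attribute as integers and pass the values through placeholders instead of concatenating them into SQL. It is an added example, not the plugin's code or its patch; the function names, the 200-id cap and the wp_posts table and column names are assumptions.

```php
<?php
// Added example, not the plugin's code. Function names, the 200-id cap and
// the table/column names are assumptions made for illustration.

/** Parse an 'ids' attribute such as "12, 15,7" into a list of integers. */
function example_parse_ids(string $raw, int $maxIds = 200): array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue; // tolerate "1,,2" and a trailing comma
        }
        // Digits only, at most 9 of them: no quotes, spaces or keywords
        // can survive, and the integer cast below cannot overflow.
        if (preg_match('/\A[0-9]{1,9}\z/', $part) !== 1) {
            throw new InvalidArgumentException('ids must be a comma-separated list of integers');
        }
        $ids[(int) $part] = true; // using the id as array key de-duplicates
    }
    if (count($ids) > $maxIds) {
        throw new InvalidArgumentException('too many ids');
    }
    return array_keys($ids);
}

/** Build a query with one %d placeholder per id; values travel separately. */
function example_build_query(array $ids): ?array
{
    if ($ids === []) {
        return null; // "IN ()" is invalid SQL; the caller should render nothing
    }
    $placeholders = implode(',', array_fill(0, count($ids), '%d'));
    return ["SELECT ID, guid FROM wp_posts WHERE ID IN ($placeholders)", $ids];
}

// Constructed inputs: one well-formed list, one with non-numeric text.
foreach (['12, 15,7,12', '7, 8x'] as $attr) {
    try {
        $query = example_build_query(example_parse_ids($attr));
        if ($query === null) { continue; }
        // Inside WordPress: $wpdb->get_results($wpdb->prepare($query[0], $query[1]));
        echo $query[0], ' <- ', json_encode($query[1]), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

In a real plugin the table name would come from $wpdb->posts rather than a literal, and the shortcode handler would render nothing when the attribute is rejected.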

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2025-10575

Affected products

Wp Jquery Pager