CVE-2025-2107

Name of the Vulnerable Software and Affected Versions: ArielBrailovsky-ViralAd plugin for WordPress versions up to, and including, 1.0.8

Description: The issue allows unauthenticated attackers to perform SQL Injection via the id parameter of the printResultAndDie() function due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This enables attackers to append additional SQL queries into already existing queries, potentially extracting sensitive information from the database. The exploitability of this issue seems to be limited to very old versions of WordPress.

Recommendations: For ArielBrailovsky-ViralAd plugin for WordPress versions up to, and including, 1.0.8, consider disabling the printResultAndDie() function until a patch is available to prevent exploitation through the id parameter. Restrict access to sensitive database information to minimize the risk of data extraction.