CVE-2025-5287

Name of the Vulnerable Software and Affected Versions Likes and Dislikes Plugin versions up to and including 1.0.0

Description The issue allows unauthenticated attackers to inject SQL queries via the post parameter due to insufficient escaping of user-supplied input and lack of proper preparation of existing SQL queries. This enables attackers to extract sensitive information from the database by appending additional SQL queries to existing ones.

Recommendations For versions up to and including 1.0.0, as a temporary workaround, consider restricting access to the post parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.