CVE-2025-4578

Name of the Vulnerable Software and Affected Versions File Provider WordPress plugin versions 1.2.3 and earlier

Description The issue arises from the File Provider WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. This allows for potential attacks without the need for authentication.

Recommendations For versions 1.2.3 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the AJAX action or disabling it until a patch is available.