CVE-2025-5563

Name of the Vulnerable Software and Affected Versions WP-Addpub plugin for WordPress versions 1.2.8 and earlier

Description The issue allows authenticated attackers with Contributor-level access or higher to inject SQL queries via the 'wp-addpub' shortcode. This is due to insufficient escaping of user-supplied parameters and lack of preparation on existing SQL queries, enabling attackers to extract sensitive information from the database.

Recommendations For WP-Addpub plugin for WordPress versions 1.2.8 and earlier, update to a version later than 1.2.8 to resolve the issue. As a temporary workaround, consider restricting access to the 'wp-addpub' shortcode to minimize the risk of exploitation.