CVE-2025-4840

Name of the Vulnerable Software and Affected Versions inprosysmedia-likes-dislikes-post WordPress plugin version 1.0.0

Description The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Recommendations For version 1.0.0, consider disabling the AJAX action until a patch is available to prevent SQL injection attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.