CVE-2025-5339

Name of the Vulnerable Software and Affected Versions: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions up to 4.89

Description: The issue is related to a time-based SQL injection vulnerability. It occurs due to insufficient escaping of the user-supplied bsa pro id parameter and a lack of proper preparation of the existing SQL query. This allows unauthenticated attackers to append additional SQL queries to existing ones, potentially extracting sensitive information from the database.

Recommendations: For versions up to 4.89, update to a version higher than 4.89 to resolve the issue. As a temporary workaround, consider restricting access to the bsa pro id parameter to minimize the risk of exploitation.