VYPR
← All advisories
High severity7.5NVD Advisory· Published Mar 13, 2025· Updated Apr 15, 2026

CVE-2025-2107

CVE-2025-2107

Description

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This only appears to be exploitable on very old versions of WordPress.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated SQL injection in the ArielBrailovsky-ViralAd WordPress plugin (≤1.0.8) allows attackers to extract sensitive database information, but only on very old WordPress versions.

The ArielBrailovsky-ViralAd plugin for WordPress, versions up to and including 1.0.8, contains a SQL injection vulnerability in the printResultAndDie() function. The id parameter is insufficiently escaped and the SQL query lacks proper preparation, allowing an attacker to inject arbitrary SQL commands [1].

Exploitation does not require authentication, making the attack surface broad. However, the vulnerability is only exploitable on very old versions of WordPress, limiting its practical impact to legacy installations [1].

An unauthenticated attacker can append additional SQL queries to existing ones, potentially extracting sensitive information such as user credentials, session tokens, or other database contents [1].

The plugin has been closed as of March 11, 2025, and is no longer available for download. Users running very old WordPress versions should upgrade to a supported release or remove the plugin entirely [1].

References
  1. ArielBrailovsky-ViralAd

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.