High severity7.5NVD Advisory· Published Jun 10, 2025· Updated Jun 17, 2026
CVE-2025-4840
CVE-2025-4840
Description
The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- WordPress/inprosysmedia-likes-dislikes-postdescription
- Range: <=1.0.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/85dc579d-edc4-421e-9bb1-09629dec527b/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.