CVE-2025-5563 in WP-Addpub Plugin

Summary

by MITRE • 06/06/2025

The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.


Analysis

by VulDB Data Team • 06/06/2025

The WP-Addpub plugin for WordPress is vulnerable to SQL injection in all versions up to and including 1.2.8. The flaw is in the handler for the 'wp-addpub' shortcode: a user-supplied shortcode attribute is incorporated into a SQL statement without escaping and without a prepared statement, so whoever controls the attribute value can change the structure of the query rather than just the data it matches.

Exploitation requires an authenticated account with Contributor-level access or above. Contributor is a low-privilege role: it can create and preview draft posts but cannot publish them, install plugins or change settings. That is nevertheless enough to place a crafted shortcode in post content and have the handler run the resulting query. Because the injected text is appended to an existing query rather than replacing it, the attacker can add further SQL to the statement and read data the shortcode was never intended to expose.

Operationally, the risk is that Contributor accounts are frequently the easiest to obtain: a site that grants the role to guest authors, a reused password on a low-value account, or a phished editor all suffice. The WordPress database holds user password hashes (wp_users), user metadata, site options and plugin configuration, any of which can be extracted through the injected query and used to escalate further or to pivot into other systems. The weakness is CWE-89 (SQL Injection); VulDB maps it to ATT&CK technique T1213.002, a sub-technique of Data from Information Repositories.

Update to a patched release of WP-Addpub (later than 1.2.8); there is no configuration-level workaround short of code changes (for example deregistering the shortcode) or deactivating the plugin. Until the update is in place, review which accounts hold Contributor or higher and remove the role where it is not needed, and review draft and published post content for 'wp-addpub' shortcodes whose attributes contain SQL fragments. More generally, every value that reaches $wpdb should pass through $wpdb->prepare() with a typed placeholder, and third-party plugins should be audited for raw query construction before they are deployed.
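To make the mechanism and the monitoring advice above concrete, the following is an added example and not code from the plugin or from VulDB. It models the flaw class in Python against an in-memory SQLite database: a shortcode handler that concatenates the attribute into SQL beside one that type-checks and binds it, plus a triage scan over post content for shortcode attributes that look like SQL. The table wp_addpub, its columns, and the attribute name id are assumptions (the advisory does not name them); wp_users is the real WordPress table, but the hash in it is made up, and the draft posts are constructed. In the actual plugin the hardened form corresponds to the $wpdb->prepare( '... WHERE id = %d', $id ) idiom.

```python
import re
import sqlite3

# Constructed stand-in for the WordPress database. The advisory does not name
# the plugin's table or columns, so wp_addpub(id, title, body) is an assumption;
# wp_users is the real WordPress users table, here with a made-up hash.
def build_demo_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE wp_addpub (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO wp_addpub VALUES (1, 'Hello', 'First publication');
        INSERT INTO wp_addpub VALUES (2, 'World', 'Second publication');
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$BconstructedDemoHash0000000000');
    """)
    return con

SHORTCODE_RE = re.compile(r'\[wp-addpub\b(?P<attrs>[^\]]*)\]')
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def parse_shortcode(post_content):
    """Return {attribute: value} for the first [wp-addpub ...] tag, or None.
    Mimics how WordPress hands shortcode attributes to the handler; the
    attribute name 'id' is an assumption, not taken from the plugin."""
    m = SHORTCODE_RE.search(post_content)
    if m is None:
        return None
    return dict(ATTR_RE.findall(m.group('attrs')))

def render_vulnerable(con, atts):
    """Flaw class described by the advisory: the attribute value is
    concatenated into the SQL text with no escaping and no preparation."""
    sql = "SELECT id, title, body FROM wp_addpub WHERE id = " + atts.get('id', '0')
    return con.execute(sql).fetchall()

def render_hardened(con, atts):
    """Fix: enforce the expected type, then bind the value as a parameter
    (the $wpdb->prepare( '... WHERE id = %d', $id ) pattern in WordPress)."""
    raw = atts.get('id', '')
    if not raw.strip().isdigit():        # reject anything that is not a plain integer
        return []
    sql = "SELECT id, title, body FROM wp_addpub WHERE id = ?"
    return con.execute(sql, (int(raw),)).fetchall()

# Coarse triage filter: SQL keywords and comment/quote characters have no
# business inside a shortcode attribute that should hold a numeric id.
SQLI_HINT_RE = re.compile(r"\b(UNION|SELECT|INSERT|UPDATE|DELETE|SLEEP|BENCHMARK)\b|--|/\*|['\";]", re.I)

def flag_suspicious_posts(posts):
    """Detection helper for the monitoring advice: return (post_id, attr, value)
    for every [wp-addpub] attribute that looks like SQL. `posts` is a list of
    (ID, post_author, post_content) rows as they would be read from wp_posts."""
    hits = []
    for post_id, _author, content in posts:
        atts = parse_shortcode(content) or {}
        for name, value in atts.items():
            if SQLI_HINT_RE.search(value):
                hits.append((post_id, name, value))
    return hits

# Constructed drafts: one benign use of the shortcode and one Contributor-authored
# draft whose attribute appends a UNION to the plugin's query.
BENIGN_POST = '[wp-addpub id="2"]'
PAYLOAD_POST = '[wp-addpub id="1 UNION SELECT ID, user_login, user_pass FROM wp_users"]'
DEMO_POSTS = [(10, 3, BENIGN_POST), (11, 7, PAYLOAD_POST)]

def demo():
    con = build_demo_db()
    return {
        "vulnerable_rows": render_vulnerable(con, parse_shortcode(PAYLOAD_POST)),
        "hardened_rows": render_hardened(con, parse_shortcode(PAYLOAD_POST)),
        "flagged": flag_suspicious_posts(DEMO_POSTS),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the block shows the two handlers diverging on the same draft: the concatenating version returns the admin login and password hash alongside the legitimate publication row, while the binding version returns nothing because the attribute is not an integer. The flag_suspicious_posts scan is a triage aid for reviewing wp_posts content, not a substitute for the patch; it will also flag legitimate attributes that happen to contain quotes, so treat its output as a review queue.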

Reservation

06/03/2025

Disclosure

06/06/2025

Moderation

accepted

CPE

ready

EPSS

0.00289

KEV

no

Activities

very low
