CVE-2025-2107

Published Mar 13, 2025

Last updated 23 days ago

Overview

Description
The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This only appears to be exploitable on very old versions of WordPress.
Source: security@wordfence.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

CWE-89 (source: security@wordfence.com)
