5 matches found
📄 WordPress File Provider 1.2.3 SQL Injection
WordPress File Provider plugin versions 1.2.3 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2025-4578 File Provider = 1.2.3 - Unauthenticated SQL Injection Description The File Provider plugin for WordPress is vulnerable to SQL Injection via the 'fileId' paramet...
CVE-2025-4578
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-4578
creationtimestamp| type| source ---|---|--- 2025-06-04 07:10:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqratazuqm2e 2025-07-10 21:00:04+00:00| exploited| Telegram/kabkSjcaer5upRB0Ibwq9GK8VGQatVOtX1VoUjYbdl2MlGc 2026-06-19 12:46:00+00:00| exploited|...
CVE-2025-4578
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-4578
CVE-2025-4578 affects the WordPress File Provider plugin (