How to fix CVE-2025-4840?

Within 24 hours: Identify all WordPress installations using this plugin and disable it immediately via admin panel or file removal. Within 7 days: Audit database access logs for suspicious AJAX requests to detect potential exploitation; assess what data may have been exposed. Within 30 days: Review alternative plugins for likes/dislikes functionality, migrate to a patched solution once available, and implement application-layer monitoring to detect SQL injection attempts.

Is PHP affected by CVE-2025-4840?

A critical SQL injection vulnerability in the inprosysmedia-likes-dislikes-post WordPress plugin allows unauthenticated attackers to extract or manipulate database contents without authentication.

CVE-2025-4840

EUVD-2025-17630 HIGH

2025-06-10 [email protected]

WordPress SQLi PHP Likes And Dislikes

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17630

PoC Detected

Jul 02, 2025 - 16:14 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 06:15 nvd

HIGH 7.5

DescriptionNVD

The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

AnalysisAI

A SQL injection vulnerability in through 1.0.0 does not properly sanitise and escape a parameter (CVSS 7.5). Risk factors: public PoC available.

Technical ContextAI

CWE-89 (SQL Injection). CVSS 7.5 indicates high severity. Affects through 1.0.0 does not properly sanitise and escape a parameter.

RemediationAI

Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.

CVE-2025-4840 vulnerability details – vuln.today

Back

CVE-2025-4840

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code