How to fix EUVD-2025-16842?

Within 24 hours: Identify all instances of File Provider plugin across your WordPress installations and disable it immediately as a temporary measure. Within 7 days: Audit database access logs for suspicious activity and assess whether any exploitation has occurred; contact the plugin developer for patch timeline or consider switching to an alternative file management solution. Within 30 days: Once a patch is released, thoroughly test it in a staging environment before deploying to production, and implement compensating controls listed below until patch is applied.

Is PHP affected by EUVD-2025-16842?

A critical SQL injection vulnerability in the File Provider WordPress plugin (versions through 1.2.3) allows unauthenticated attackers to execute arbitrary database queries, potentially exposing sensitive data, modifying website content, or gaining administrative access.

EUVD-2025-16842

| CVE-2025-4578 CRITICAL

2025-06-04 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:29 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:29 euvd

EUVD-2025-16842

PoC Detected

Jun 04, 2025 - 20:07 vuln.today

Public exploit code

CVE Published

Jun 04, 2025 - 06:15 nvd

CRITICAL 9.8

Description

The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Analysis

SQL injection in File Provider WordPress plugin through 1.2.3. PoC available.

Technical Context

CWE-89.

Affected Products

['File Provider <= 1.2.3']

Remediation

Update.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +49

POC: +20

EUVD-2025-16842 vulnerability details – vuln.today

Back

EUVD-2025-16842

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-16842

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code