CVE-2025-5287

Published May 28, 2025

Last updated 2 months ago

CVSS high 7.5

Overview

Description
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-89

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-5287 - high 🚨 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection > The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via... 👾 https://t.co/HEgu0Z4MZW @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    26 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-5287 (CVSS:7.5, HIGH) is Awaiting Analysis. The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versio..https://t.co/bKdBTfSDNz #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    2 Jun 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. GitHub - wiseep/CVE-2025-5287: WordPress Likes and Dislikes - SQL Injection https://t.co/DpIzjhetB6

    @akaclandestine

    1 Jun 2025

    793 Impressions

    0 Retweets

    5 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2025-5287 🔴 HIGH (7.5) 🏢 erumfaham - Likes and Dislikes Plugin 🏗️ * 🔗 https://t.co/ExURQeubdJ 🔗 https://t.co/cn3Amxd2H2 #CyberCron #VulnAlert #InfoSec https://t.co/7GfL04qnVr

    @cybercronai

    29 May 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #WordPress Likes and Dislikes Plugin ≤ 1.0.0 - Unauthenticated #SQL Injection CVE-2025-5287 PoC: https://t.co/dpZzS6QiAg #CyberSecurity #Hacked https://t.co/i748HIMTwV

    @Nxploited

    28 May 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-5287 The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficie… https://t.co/JO24jgUXUJ

    @CVEnew

    28 May 2025

    376 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.