CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

July 2, 2025

CVE ID : CVE-2025-4689

Published : July 2, 2025, 4:15 a.m. | 5 hours, 59 minutes ago

Description : The Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This makes it possible for unauthenticated attackers to execute code on the server upload image files on the server than can be fetched via a SQL injection vulnerability, and ultimately executed as PHP code through the local file inclusion vulnerability.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5014 – The Home Villas | Real Estate WordPress Theme File Deletion Vulnerability (Arbitrary File Deletion)

Next Article CVE-2025-4380 – Adobe Ads Pro Plugin Local File Inclusion Vulnerability

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

AI craze mania with AI action figures and turning pets into people

AMD’s Ryzen 8000HX refresh couldn’t come at a better time — Affordable gaming CPUs arrive as laptop prices rise

Tropy – explore your research photos

CVE-2025-3460 – Quantenna Wi-Fi Command Injection Vulnerability

Laravel Simple RabbitMQ Package

CVE-2025-3604 – Flynax Bridge WordPress Privilege Escalation Vulnerability

CVE-2025-47417 – Crestron Automate VX Sensitive Information Exposure

CVE-2025-4541 – LmxCMS SQL Injection Vulnerability

CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

Related Posts