CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

July 2, 2025

CVE ID : CVE-2025-4689

Published : July 2, 2025, 4:15 a.m. | 5 hours, 59 minutes ago

Description : The Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This makes it possible for unauthenticated attackers to execute code on the server upload image files on the server than can be fetched via a SQL injection vulnerability, and ultimately executed as PHP code through the local file inclusion vulnerability.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5014 – The Home Villas | Real Estate WordPress Theme File Deletion Vulnerability (Arbitrary File Deletion)

Next Article CVE-2025-4380 – Adobe Ads Pro Plugin Local File Inclusion Vulnerability

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

CVE-2025-45343 – Tenda W18E Remote Code Execution Vulnerability

Apple’s latest MacBook Air M4 was just released and it just got even cheaper

opencu – minimalistic serial terminal emulator

Splunk Address Third Party Packages Vulnerabilities in Enterprise Versions – Update Now

CVE-2025-44177 – White Star Software Protop Directory Traversal Vulnerability

Microsoft Makes Security Copilot in Entra Generally Available for IT Admins

CVE-2025-49483 – Falcon Linux, Kestrel, and Lapwing Linux ASR180x, ASR190x TR069 Resource Leak Exposure

CVE-2025-27817 – Apache Kafka Client Arbitrary File Read and SSRF Vulnerability

CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

Related Posts