CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

July 2, 2025

CVE ID : CVE-2025-4689

Published : July 2, 2025, 4:15 a.m. | 5 hours, 59 minutes ago

Description : The Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This makes it possible for unauthenticated attackers to execute code on the server upload image files on the server than can be fetched via a SQL injection vulnerability, and ultimately executed as PHP code through the local file inclusion vulnerability.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5014 – The Home Villas | Real Estate WordPress Theme File Deletion Vulnerability (Arbitrary File Deletion)

Next Article CVE-2025-4380 – Adobe Ads Pro Plugin Local File Inclusion Vulnerability

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

The impact of gray work on software development

CSS Intelligence: Speculating On The Future Of A Smarter Language

Your Roku has secret menus and screens – here’s how to unlock them

Add Paramount+, STARZ, and more to your Prime Video account for $0.99 a month – here’s how

My new favorite keychain accessory gives me 2TB of SSD storage instantly

HP’s latest OmniBook finally sold me on the 2-in-1 form factor (and it’s on sale)

Simplifying Stream Handling with Laravel’s resource Method

Simplifying Stream Handling with Laravel’s resource Method

Intelligent Parsing and Formatting of Names in PHP Applications

This Week in Laravel: Cursor Rules, Nightwatch Review, and Race Conditions

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Hash Calculator – calculates around 50 cryptographic hashes of strings and files

Rilasciato Thunderbird 140 ESR: Un’attenzione alle esigenze aziendali

CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild

Grafana releases critical security update for Image Renderer plugin

Marks & Spencer’s ransomware nightmare – more details emerge

Clipchamp makes video editing faster, brings ability to delete parts of transcript to trim video

CVE-2025-5967 – “ENS HX Stored Cross-Site Scripting Vulnerability”

Google expands AI features for nonprofits in 100+ countries

ChatGPT Starts Speaking Like a Demon, Users Say It’s ‘Straight Out of a Horror Movie’

Handle Fluent Values as Arrays with Laravel’s array() Method

Sun-Intelligence 5.0 – Powered by Absolute Zero Reasoner (AZR) Technology: The AI that doesn’t need humans anymore

Navigating the AI Revolution: The Importance of Adaptation

CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

Related Posts