CVE-2025-4840 Information

Description

The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users leading to a SQL injection

Reference

https://wpscan.com/vulnerability/85dc579d-edc4-421e-9bb1-09629dec527b/ https://wpscan.com/vulnerability/85dc579d-edc4-421e-9bb1-09629dec527b/