216.73.217.98

CVE-2025-2319

· Published 25/03/2025 09:15 · Modified 25/03/2025 09:15

Labels: CVE-2025-2319 2025-03-25CVE-2025-2319CWE-352[email protected]

Essential information

Published
25/03/2025 09:15
Modified
25/03/2025 09:15
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / ez sql reports shortcode widget cpe:2.3:a:wordpress:ez_sql_reports_shortcode_widget:*:*:*:*:*:wordpress:*:*
wordpress / db backup cpe:2.3:a:wordpress:db_backup:*:*:*:*:*:wordpress:*:*

References