CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

July 2, 2025

CVE ID : CVE-2025-4689

Published : July 2, 2025, 4:15 a.m. | 5 hours, 59 minutes ago

Description : The Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This makes it possible for unauthenticated attackers to execute code on the server upload image files on the server than can be fetched via a SQL injection vulnerability, and ultimately executed as PHP code through the local file inclusion vulnerability.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5014 – The Home Villas | Real Estate WordPress Theme File Deletion Vulnerability (Arbitrary File Deletion)

Next Article CVE-2025-4380 – Adobe Ads Pro Plugin Local File Inclusion Vulnerability

Highlights

UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign

June 5, 2025

UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign

CERT Polska has observed a spear phishing campaign targeting Polish entities this week. The threat actor attempted to exploit the CVE-2024-42009 vulnerability, which allows JavaScript code to be execu …
Read more

Published Date:
Jun 05, 2025 (3 hours, 39 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-49113

CVE-2024-42009

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

File Shredder permanently deletes files

5 Tools to Enhance Your AppImage Experience on Linux

Ubuntu 25.10 “Questing Quokka”: Apertura dello sviluppo e anticipazioni

WireLurker: new malware targets Apple users

UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign

CVE-2025-29828 – Windows Cryptographic Services Double Free Vulnerability

EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

Variational Rectified Flow Matching

CVE-2025-4689 – Ads Pro Plugin – WordPress Remote Code Execution via Local File Inclusion and SQL Injection

Related Posts