CVE-2025-5563: 
WordPress vulnerability analysis and mitigation

The WP-Addpub plugin for WordPress contains a SQL Injection vulnerability (CVE-2025-5563) discovered on June 5, 2025. This vulnerability affects all versions up to and including 1.2.8. The vulnerability exists in the 'wp-addpub' shortcode functionality due to insufficient escaping of user-supplied parameters and inadequate SQL query preparation (NVD).

The vulnerability is classified as CWE-89 (SQL Injection) with a CVSS v3.1 base score of 6.5 (MEDIUM). The vulnerability stems from improper neutralization of special elements in SQL commands within the plugin's shortcode functionality. The issue specifically affects authenticated users with Contributor-level access or higher, who can manipulate SQL queries through the wp-addpub shortcode (NVD, WordPress Plugin).

When exploited, this vulnerability allows authenticated attackers with Contributor-level privileges or higher to append additional SQL queries to existing ones. This capability can be leveraged to extract sensitive information from the WordPress database (NVD).

No official patch or mitigation has been publicly announced at the time of this report. Website administrators running the affected versions of WP-Addpub should consider disabling the plugin until a security update is available (NVD).