CVE-2025-10575: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ivycat WP jQuery Pager
The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injection via the 'ids' shortcode attribute parameter handled by the WPJqueryPaged::get_gallery_page_imgs() function in all versions up to, and including, 1.4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
AI Analysis
Technical Summary
CVE-2025-10575 is an SQL Injection vulnerability identified in the WP jQuery Pager plugin for WordPress, specifically in versions up to and including 1.4.0. The vulnerability stems from insufficient escaping and lack of proper preparation of the 'ids' shortcode attribute parameter within the WPJqueryPaged::get_gallery_page_imgs() function. This flaw allows authenticated users with Contributor-level permissions or higher to append arbitrary SQL queries to existing database queries. Since Contributors typically have limited privileges, this vulnerability significantly elevates the risk by enabling them to extract sensitive information from the WordPress database without requiring higher administrative rights. The attack vector is remote and does not require user interaction, but it does require authentication, which limits exposure to some extent. The vulnerability impacts confidentiality by potentially exposing sensitive data but does not affect data integrity or availability. The CVSS v3.1 score of 6.5 reflects a medium severity, considering the ease of exploitation (low complexity), the requirement for authentication, and the potential impact on confidentiality. No public exploits have been reported yet, but the vulnerability poses a significant risk to websites using this plugin, especially those with multiple contributors. The lack of a patch at the time of publication necessitates immediate mitigation steps to prevent exploitation.
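The description and the technical summary above both attribute the flaw to missing escaping and missing query preparation on the 'ids' shortcode attribute. The following PHP is an added example, not code from the WP jQuery Pager plugin or from this advisory: it shows the hardened pattern a WordPress plugin should use for such an attribute, validating the value as a list of integers and binding it through $wpdb->prepare() with one %d placeholder per id. The vulnerable shape is sketched only in a comment for contrast. The function names, the stub wpdb class and the sample attribute values are all constructed for this example; the query columns are illustrative and are not taken from the plugin.

```php
<?php
// Added example, not the plugin's code. Hardened handling of a comma-separated
// 'ids' shortcode attribute before it reaches an SQL IN (...) clause.

// Vulnerable shape of this bug class (for contrast; not the plugin's actual code):
//   $sql = "SELECT ID FROM {$wpdb->posts} WHERE ID IN ({$atts['ids']})";
// The attribute text becomes part of the SQL statement, so anything that is
// not a plain number list changes what the query does.

// Keep only positive integers; non-numeric pieces are discarded, not escaped.
function wpjp_example_sanitize_ids(string $raw): array {
    $ids = [];
    foreach (explode(',', $raw) as $piece) {
        $piece = trim($piece);
        if ($piece !== '' && ctype_digit($piece) && (int) $piece > 0) {
            $ids[] = (int) $piece;
        }
    }
    return array_values(array_unique($ids));
}

// One %d placeholder per id; $wpdb->prepare() casts every bound value to an integer,
// so the attribute can never contribute SQL syntax, only numbers.
function wpjp_example_build_query($wpdb, array $ids): ?string {
    if ($ids === []) {
        return null; // "IN ()" is a syntax error; the caller renders nothing instead
    }
    $placeholders = implode(',', array_fill(0, count($ids), '%d'));
    $sql = "SELECT ID, guid FROM {$wpdb->posts} "
         . "WHERE post_type = 'attachment' AND ID IN ($placeholders)";
    return $wpdb->prepare($sql, ...$ids);
}

// Minimal stand-in for WordPress's $wpdb so this file runs outside WordPress.
// It implements only the %d placeholder behaviour used above (ASSUMPTION: stub).
class WpjpExampleStubWpdb {
    public string $posts = 'wp_posts';

    public function prepare(string $query, ...$args): string {
        return vsprintf($query, array_map('intval', $args));
    }
}

// Constructed sample attribute values: a clean list, a list with junk, and an empty one.
$wpdb = new WpjpExampleStubWpdb();
foreach (['12, 15,18', '12,abc,15', ''] as $raw) {
    $ids = wpjp_example_sanitize_ids($raw);
    $q   = wpjp_example_build_query($wpdb, $ids);
    echo str_pad(var_export($raw, true), 14) . ' => ' . ($q ?? '(no query)') . PHP_EOL;
}
```

Inside WordPress the stub class is dropped and the real global $wpdb is used; $wpdb->prepare() accepts the spread argument list in the same way. The design point is that validation rejects rather than escapes: an ids value that is not a digit list is simply not queried, which is what "sufficient preparation" means for an integer IN list.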
Potential Impact
For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive data stored in WordPress databases, including user information, content, and possibly configuration details. Organizations relying on WordPress sites with multiple contributors are particularly vulnerable, as attackers with Contributor-level access can exploit this flaw to extract confidential information. This could lead to data breaches, regulatory non-compliance (e.g., GDPR violations), reputational damage, and potential financial penalties. The impact is heightened for sectors with stringent data protection requirements such as finance, healthcare, and government institutions. Additionally, compromised WordPress sites can serve as footholds for further attacks, including phishing or malware distribution. The medium severity suggests that while the threat is serious, it is not immediately critical, but timely remediation is essential to prevent escalation.
Mitigation Recommendations
1. Immediately restrict Contributor-level user permissions to only trusted individuals and review existing user roles to minimize exposure.
2. Monitor and audit Contributor activities for suspicious behavior related to shortcode usage or database queries.
3. Implement Web Application Firewall (WAF) rules specifically designed to detect and block SQL Injection attempts targeting the 'ids' parameter in the WP jQuery Pager plugin.
4. Apply any available patches or updates from the plugin vendor as soon as they are released.
5. If patches are not yet available, consider temporarily disabling the WP jQuery Pager plugin or removing the vulnerable shortcode usage from WordPress content.
6. Harden WordPress installations by enforcing least privilege principles, disabling unnecessary plugins, and keeping all components up to date.
7. Conduct regular security assessments and penetration testing focusing on plugin vulnerabilities.
8. Educate content contributors about secure usage practices and the risks of plugin vulnerabilities.
These steps go beyond generic advice by focusing on user role management, targeted WAF rules, and operational controls specific to this vulnerability.
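Steps 2 and 5 above ask for auditing shortcode usage and, failing a patch, removing vulnerable shortcode instances from content. Because the 'ids' value lives in stored post content rather than in a request parameter, an offline audit of the posts table is the practical check. The PHP below is an added example, not code from the advisory or the plugin: it scans a map of post IDs to post content for pager shortcodes whose 'ids' attribute is anything other than a comma-separated list of integers and reports them for review. The shortcode tag name is a placeholder assumption (the plugin's real tag should be substituted), and the sample posts are constructed.

```php
<?php
// Added example, not the plugin's or the advisory's code: audit stored post content
// for pager shortcodes whose 'ids' attribute is not a plain list of integers.
// ASSUMPTION: the tag name below is a placeholder; use the tag the plugin registers.
const WPJP_EXAMPLE_TAG = 'wp-jquery-pager';

// A well-formed ids attribute is digits separated by commas, with optional whitespace.
function wpjp_example_ids_is_clean(string $ids): bool {
    return preg_match('/^\s*\d+(\s*,\s*\d+)*\s*$/', $ids) === 1;
}

// Pull the ids attribute value out of a shortcode's attribute string, or null if absent.
// Handles double-quoted, single-quoted and unquoted values.
function wpjp_example_extract_ids(string $attrString): ?string {
    if (!preg_match('/\bids\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|(\S+))/i', $attrString, $m)) {
        return null;
    }
    for ($i = 1; $i <= 3; $i++) {
        if (isset($m[$i]) && $m[$i] !== '') {
            return $m[$i];
        }
    }
    return ''; // attribute present but empty: still worth a look
}

// Return one finding per shortcode instance whose ids attribute fails the check.
// $posts maps post ID => post_content (in WordPress this would be read from wp_posts).
function wpjp_example_find_suspicious(array $posts, string $tag = WPJP_EXAMPLE_TAG): array {
    $findings = [];
    $pattern  = '/\[' . preg_quote($tag, '/') . '(?=[\s\]])([^\]]*)\]/i';
    foreach ($posts as $postId => $content) {
        if (!preg_match_all($pattern, $content, $matches)) {
            continue;
        }
        foreach ($matches[1] as $attrString) {
            $ids = wpjp_example_extract_ids($attrString);
            if ($ids !== null && !wpjp_example_ids_is_clean($ids)) {
                $findings[] = ['post_id' => $postId, 'ids' => $ids];
            }
        }
    }
    return $findings;
}

// Constructed sample content; post 103 carries a non-numeric ids value and should be flagged.
$samplePosts = [
    101 => 'Gallery one: [wp-jquery-pager ids="12,15,18"]',
    102 => 'No pager here, just text.',
    103 => 'Gallery two: [wp-jquery-pager ids="12,abc"]',
];

foreach (wpjp_example_find_suspicious($samplePosts) as $f) {
    printf("post %d: ids attribute %s is not a plain integer list\n",
        $f['post_id'], var_export($f['ids'], true));
}
```

Run against a dump of post_content (drafts and revisions included, since Contributors can save those), the findings list is the set of shortcode instances to inspect and, per step 5, remove or neutralize while the plugin remains unpatched; the post ID also identifies the author for the role review in step 1.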
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-09-16T18:39:03.867Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ef5c7dc4f69c9730e569cf
Added to database: 10/15/2025, 8:34:05 AM
Last enriched: 10/15/2025, 8:54:46 AM
Last updated: 10/15/2025, 10:56:06 AM