CVE-2025-10575: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ivycat WP jQuery Pager
The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injection via the 'ids' shortcode attribute parameter handled by the WPJqueryPaged::get_gallery_page_imgs() function in all versions up to, and including, 1.4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
AI Analysis
Technical Summary
CVE-2025-10575 identifies a SQL Injection vulnerability in the WP jQuery Pager plugin for WordPress, specifically in versions up to and including 1.4.0. The vulnerability is located in the get_gallery_page_imgs() function, which processes the 'ids' shortcode attribute parameter. Due to insufficient escaping and lack of proper query preparation, authenticated users with Contributor-level access or higher can inject additional SQL commands into existing queries. This improper neutralization of special elements (CWE-89) allows attackers to extract sensitive information from the backend database. The attack vector is remote over the network, requiring only low privileges and no user interaction beyond authentication. The CVSS v3.1 base score is 6.5, reflecting a medium severity with high confidentiality impact but no impact on integrity or availability. No patches have been linked yet, and no known exploits are reported in the wild. The vulnerability poses a risk to WordPress sites using this plugin, especially those that allow contributors to add shortcode content. Exploitation could lead to unauthorized data disclosure, including potentially sensitive user or site data stored in the database. The lack of sufficient input sanitization and prepared statements in the plugin’s code is the root cause. This vulnerability underscores the importance of secure coding practices in WordPress plugin development, particularly for user-supplied input handling.
Potential Impact
For European organizations, this vulnerability can lead to unauthorized disclosure of sensitive data stored in WordPress databases, including user information, site content, and potentially credentials or configuration details if stored insecurely. Organizations relying on WP jQuery Pager for content pagination and allowing contributor-level users to add shortcode parameters are at risk. The confidentiality breach could result in reputational damage, regulatory non-compliance (e.g., GDPR violations), and potential data privacy incidents. Since the vulnerability does not affect integrity or availability, direct service disruption or data manipulation is unlikely. However, data leakage could facilitate further attacks or social engineering campaigns. The medium severity score indicates a significant but not critical risk, emphasizing the need for timely remediation. European entities with public-facing WordPress sites, especially in sectors like media, education, and government, where contributor roles are common, should be particularly vigilant.
Mitigation Recommendations
1. Immediately restrict Contributor-level and higher user roles from adding or modifying shortcode attributes until a patch is available.
2. Implement strict input validation and sanitization on all user-supplied shortcode parameters, especially the 'ids' attribute, to ensure only expected numeric or safe values are accepted.
3. Use Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the affected plugin functions.
4. Monitor database query logs for unusual or unexpected queries that may indicate exploitation attempts.
5. Encourage plugin developers or site administrators to update the plugin once a secure version is released.
6. Consider disabling or replacing the WP jQuery Pager plugin if immediate patching is not feasible.
7. Conduct regular security audits and penetration testing focusing on WordPress plugins and user input handling.
8. Educate content contributors about the risks of injecting untrusted content and enforce least privilege principles.
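The root cause named in the Technical Summary and the fix behind recommendation 2, shown as an added PHP example: a concatenated `IN (...)` list beside its integer-validated, prepared form. This is not the WP jQuery Pager source; the function names, the queried columns and the 100-ID cap are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code. Function names are hypothetical.

/**
 * UNSAFE pattern (constructed): the raw 'ids' attribute is concatenated into
 * the IN (...) list, so any non-numeric text becomes part of the SQL statement.
 */
function example_get_gallery_imgs_unsafe( $atts ) {
    global $wpdb;
    $ids = $atts['ids']; // attacker-influenced string, used as-is
    return $wpdb->get_results(
        "SELECT ID, guid FROM {$wpdb->posts}
         WHERE post_type = 'attachment' AND ID IN ($ids)"
    );
}

/**
 * Hardened pattern: reduce 'ids' to positive integers, then bind each value
 * through $wpdb->prepare() with its own %d placeholder.
 */
function example_get_gallery_imgs_safe( $atts ) {
    global $wpdb;

    $atts = shortcode_atts( array( 'ids' => '' ), $atts );

    // wp_parse_id_list() splits on commas/whitespace and applies absint() to
    // every token, so non-numeric tokens become 0; array_filter() drops them.
    $ids = array_values( array_filter( wp_parse_id_list( $atts['ids'] ) ) );
    if ( empty( $ids ) ) {
        return array(); // nothing valid to look up, so run no query at all
    }

    // Assumed cap so one shortcode cannot request an unbounded ID list.
    $ids = array_slice( $ids, 0, 100 );

    // One %d per ID; only this fixed placeholder string is interpolated.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );

    $sql = $wpdb->prepare(
        "SELECT ID, guid FROM {$wpdb->posts}
         WHERE post_type = 'attachment' AND ID IN ($placeholders)",
        $ids
    );

    return $wpdb->get_results( $sql );
}
```

Either step alone would close this particular hole; using both keeps the query safe if the validation is later loosened or the attribute is reused elsewhere.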
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-09-16T18:39:03.867Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ef5c7dc4f69c9730e569cf
Added to database: 10/15/2025, 8:34:05 AM
Last enriched: 11/24/2025, 9:31:22 PM
Last updated: 12/4/2025, 12:40:30 PM