CVE-2025-10575: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ivycat WP jQuery Pager
The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injection via the 'ids' shortcode attribute parameter handled by the WPJqueryPaged::get_gallery_page_imgs() function in all versions up to, and including, 1.4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
AI Analysis
Technical Summary
CVE-2025-10575 identifies a SQL Injection vulnerability in the WP jQuery Pager plugin for WordPress, specifically in all versions up to and including 1.4.0. The vulnerability is rooted in the WPJqueryPaged::get_gallery_page_imgs() function, which processes the 'ids' shortcode attribute parameter. This parameter is insufficiently escaped and the SQL queries are not properly prepared, allowing an attacker with Contributor-level or higher privileges to append arbitrary SQL commands to existing queries. This improper neutralization of special elements in SQL commands (CWE-89) enables attackers to extract sensitive information from the WordPress database, such as user data or site configuration details. The attack vector requires network access and authentication but no user interaction, making it a relatively accessible threat for authenticated users with limited privileges. The CVSS 3.1 base score is 6.5, reflecting a medium severity due to the high confidentiality impact but no impact on integrity or availability. No patches or known exploits are currently available, increasing the urgency for proactive mitigation. The vulnerability affects all plugin versions up to 1.4.0, which is widely used in WordPress sites for paginating galleries, making the attack surface significant in environments where this plugin is installed and contributors have editing rights.
Potential Impact
The primary impact of this vulnerability is unauthorized disclosure of sensitive information from the WordPress database. Attackers with Contributor-level access can leverage this flaw to extract data beyond their privileges, potentially including user credentials, personal data, or site configuration details. This breach of confidentiality can lead to further attacks such as privilege escalation, targeted phishing, or site compromise. Since the vulnerability does not affect data integrity or availability, it does not directly enable data modification or denial of service. However, the exposure of sensitive data can have severe reputational and compliance consequences for organizations. Given WordPress's widespread use globally, especially among small to medium enterprises and content-driven websites, the risk is substantial. The requirement for authenticated access limits exploitation to insiders or compromised accounts, but such scenarios are common in collaborative environments. The lack of known exploits in the wild suggests this vulnerability is not yet actively weaponized, but the medium severity score and ease of exploitation warrant immediate attention.
Mitigation Recommendations
To mitigate CVE-2025-10575, organizations should first verify if the WP jQuery Pager plugin is installed and identify the version in use. Since no official patches are currently available, administrators should consider temporarily disabling the plugin or restricting its use to trusted users only. Implement strict role-based access controls to limit Contributor-level permissions to trusted personnel. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting the 'ids' parameter. Review and sanitize all shortcode inputs rigorously, applying parameterized queries or prepared statements if custom development is involved. Monitor database logs and WordPress activity logs for unusual query patterns or data access anomalies. Educate content contributors about the risks of plugin misuse and enforce strong authentication mechanisms to reduce the risk of account compromise. Stay updated with vendor announcements for patches or updates addressing this vulnerability and apply them promptly once available.
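As an added example (not code from the plugin or from this advisory), the following audit pass supports the "review shortcode inputs" step above: it scans stored post content for shortcodes carrying an `ids` attribute and reports any value that is not a plain comma-separated list of integers. The shortcode name `example_pager` and the sample rows are constructed; the dictionary keys mirror the `wp_posts` columns `ID`, `post_author` and `post_content`.

```python
import re

# One shortcode opening tag: [name attr="value" ...]
SHORTCODE_RE = re.compile(r"\[(?P<tag>[A-Za-z][\w-]*)(?P<attrs>[^\]]*)\]")
# ids=... with a double-quoted, single-quoted or bare value; the lookbehind
# keeps attributes such as post_ids= or data-ids= from matching.
IDS_ATTR_RE = re.compile(
    r"""(?<![\w-])ids\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""", re.I
)
# The only shape a list of attachment IDs needs: digits separated by commas.
SAFE_IDS_RE = re.compile(r"\s*\d+(\s*,\s*\d+)*\s*")


def audit_ids_attributes(posts):
    """Return one finding per 'ids' value that is not a strict integer list."""
    findings = []
    for post in posts:
        for sc in SHORTCODE_RE.finditer(post["post_content"]):
            for m in IDS_ATTR_RE.finditer(sc.group("attrs")):
                # Exactly one of the three alternatives captured the value.
                value = next(g for g in m.groups() if g is not None)
                if not SAFE_IDS_RE.fullmatch(value):
                    findings.append({
                        "post_id": post["ID"],
                        "author": post["post_author"],
                        "shortcode": sc.group("tag"),
                        "value": value,
                    })
    return findings


# Constructed sample rows (not real site data).
SAMPLE_POSTS = [
    {"ID": 101, "post_author": 4,
     "post_content": 'Intro [example_pager ids="12,15,19"] text'},
    {"ID": 102, "post_author": 7,
     "post_content": "[example_pager ids='12, 15 extra-text']"},
    {"ID": 103, "post_author": 7,
     "post_content": "[example_pager ids=12,15 columns=3]"},
    {"ID": 104, "post_author": 9,
     "post_content": '[example_pager post_ids="x" ids="7)"]'},
]

if __name__ == "__main__":
    for finding in audit_ids_attributes(SAMPLE_POSTS):
        print(finding)
```

Findings identify the post and its author, which gives a starting point for reviewing Contributor accounts alongside the database and activity logs.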
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, India, Brazil, France, Japan, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-09-16T18:39:03.867Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ef5c7dc4f69c9730e569cf
Added to database: 10/15/2025, 8:34:05 AM
Last enriched: 2/27/2026, 6:28:50 PM
Last updated: 3/26/2026, 7:00:28 AM