cleantalk
Vulnerabilities and Security Researches

EZ SQL Reports Shortcode Widget and DB Backup, CVE-2025-2319

CVE, Research URL

CVE-2025-2319

Home page URL

Security reports for EZ SQL Reports Shortcode Widget and DB Backup

Application

EZ SQL Reports Shortcode Widget and DB Backup

Published on
Mar 25, 2025
Research Description
The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only.
Affected versions
Min 4.11.13, max 5.25.10.
Status
vulnerable
Previous vulnerability researches
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-30788) , Apr 02, 2025
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-30787) , Apr 02, 2025
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-26887) , Feb 25, 2025
EZ SQL Reports Shortcode Widget and DB Backup (01aaecbc-6aae-4a33-ac00-1b14b34f4c71) , Jun 07, 2024
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-2319) , Mar 26, 2025
New vulnerability
Address Autocomplete via Google for Gravity Forms (CVE-2025-53263) , Jul 03, 2025
Spoki – Chat Buttons and WooCommerce Notifications (CVE-2025-50026) , Jul 03, 2025
Amazon Products to WooCommerce (CVE-2025-5813) , Jul 03, 2025
Breeze – WordPress Cache Plugin (CVE-2025-23999) , Jul 03, 2025
Twitch TV Embed Suite (CVE-2025-53313) , Jul 03, 2025