CVE-2025-5287 PoC — WordPress plugin Likes and Dislikes Plugin SQL注入漏洞

Source

https://github.com/wiseep/CVE-2025-5287

Associated Vulnerability

Title:WordPress plugin Likes and Dislikes Plugin SQL注入漏洞 (CVE-2025-5287)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Likes and Dislikes Plugin 1.0.0版本存在SQL注入漏洞，该漏洞源于post参数清理不足，可能导致SQL注入。

Description

Wordpress likes and dislikes add-on - SQL Injection

Readme

**Description:**

It is an exploit code that works for multiple urls and multi thread for Unauth Sql Injection on Wp plugin with CVE-2025-5287


**Example usage:**

usage: CVE-2025-5287.py [-h] --file FILE [--fudge FUDGE] [--timeout TIMEOUT] [--threads THREADS] [--proxy PROXY]

Time-Based SQLi Checker (Clean, Threaded, Proxy-Support)

**Optional arguments:**

 **-h, --help**        show this help message and exit

  **--file FILE**       File with base URLs (e.g. http://example.com)
  
  **--fudge FUDGE**    Extra time allowance for delay detection
  
  **--timeout TIMEOUT**  Request timeout in seconds
  
  **--threads THREADS**  Number of concurrent threads
  
  **--proxy PROXY**      Proxy to use (e.g. 5.5.5.5:8080)

File Snapshot


 [4.0K]  /data/pocs/699ab89db4da2771adf8b199513d642843debfe6
├── [3.0K]  CVE-2025-5287.py
└── [ 733]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!