CVE-2025-4381
Ads · Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager
Executive summary
A high-severity SQL Injection vulnerability in the Ads Pro Plugin for WordPress allows an unauthenticated attacker to execute arbitrary SQL commands, potentially leading to a full compromise of the affected website's database.
Vulnerability
The plugin is vulnerable to SQL Injection due to improper sanitization of user-supplied input in the $id variable of the getSpace() function. An unauthenticated attacker can exploit this flaw by sending a specially crafted request to inject and execute malicious SQL queries against the underlying WordPress database.
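The defect class described above, shown as an added illustration that is not the Ads Pro Plugin's own code: a hypothetical getSpace() that interpolates $id straight into the query, next to a hardened version that coerces the id to an integer and builds the statement with $wpdb->prepare(). Only the function and parameter names come from the advisory; the table name, columns and surrounding WordPress environment are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Assumes a WordPress
// environment ($wpdb, absint). Table and column names are placeholders.

// Vulnerable pattern: the untrusted $id is concatenated into the SQL
// string, so a value containing SQL syntax changes the query's structure
// instead of being treated as a number.
function getSpace_vulnerable( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_spaces'; // placeholder table name
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = " . $id );
}

// Hardened pattern: validate the type first, then let $wpdb->prepare()
// bind the value so it can only ever be interpreted as data.
function getSpace_hardened( $id ) {
    global $wpdb;
    $id = absint( $id );                          // non-numeric input becomes 0
    if ( 0 === $id ) {
        return null;                              // reject instead of querying with a junk id
    }
    $table = $wpdb->prefix . 'example_spaces';    // placeholder table name
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id )
    );
}
```

Because the advisory describes an unauthenticated attack path, a real fix would also confirm that the request handler calling this function enforces whatever capability or nonce check the endpoint is supposed to have; parameterizing the query removes the injection but not an unintended public entry point.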
Business impact
A successful exploit of this vulnerability could allow an attacker to exfiltrate sensitive information from the database, including user credentials, personal data, and website content. This could lead to unauthorized access, data breach, reputational damage, and potentially a complete system compromise. The assigned CVSS score of 7.5 reflects the high severity of this issue.
Remediation
Immediate Action: Administrators should immediately update the Ads Pro Plugin to the latest version provided by the vendor. If the plugin is not essential for business operations, it should be deactivated and uninstalled as a permanent mitigation.
Proactive Monitoring: Review web server access logs and database logs for suspicious queries or anomalous requests targeting the application. Monitor for indicators of compromise, such as unexpected content changes or new administrative accounts.
Compensating Controls: Deploy a Web Application Firewall (WAF) with a robust SQL injection ruleset. This can serve as a virtual patch to block exploitation attempts while a permanent software update is being tested and deployed.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity of this vulnerability and the risk of a complete database compromise, immediate action is required. We strongly recommend that all administrators running the affected plugin apply the vendor-supplied update or remove the plugin without delay. Prioritize this remediation to prevent unauthorized access and protect sensitive website data.