CVE-2025-1323

7.5 HIGH

📋 TL;DR

This SQL injection vulnerability in the WP-Recall WordPress plugin allows unauthenticated attackers to inject malicious SQL via the 'databeat' parameter and extract sensitive information from the database, including user credentials and other confidential data. All WordPress sites running WP-Recall versions up to and including 16.26.10 are affected.

💻 Affected Systems

Products:
  • WP-Recall - Registration, Profile, Commerce & More WordPress plugin
Versions: All versions up to and including 16.26.10
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, privilege escalation, and potential site takeover.

🟠 Likely Case: Extraction of sensitive user data including usernames, emails, and potentially hashed passwords.

🟢 If Mitigated: Limited data exposure if database permissions are properly restricted and input validation is implemented elsewhere.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation makes all internet-facing WordPress sites with this plugin vulnerable.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but attack surface is reduced compared to internet-facing systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires understanding of SQL injection techniques but is accessible to moderately skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 16.26.10

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3250094/wp-recall/trunk/add-on/rcl-chat/core.php

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the WP-Recall plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install the latest version from the WordPress repository.

🔧 Temporary Workarounds

Input Validation Web Application Firewall Rule (all platforms)
Block requests containing SQL injection patterns in the 'databeat' parameter

Temporary Plugin Deactivation (WordPress CLI)
Disable the WP-Recall plugin until a patched version is available:

wp plugin deactivate wp-recall

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block SQL injection patterns
  • Restrict database user permissions to read-only for the application account

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → WP-Recall version. If version is 16.26.10 or lower, you are vulnerable.

Check Version:

wp plugin list --name=wp-recall --field=version

Verify Fix Applied:

After update, verify WP-Recall plugin version is higher than 16.26.10 in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests with 'databeat' parameter containing SQL keywords
  • Increased error rates from database

Network Indicators:

  • HTTP POST requests to WordPress endpoints with SQL injection patterns in parameters
  • Unusual data extraction patterns from database

SIEM Query:

source="web_logs" AND (uri_path="*wp-recall*" OR uri_path="*rcl-chat*") AND param="databeat" AND (value="*UNION*" OR value="*SELECT*" OR value="*INSERT*" OR value="*DELETE*")
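The log indicators above, turned into a small offline check (an added example, not part of the advisory or the plugin): it scans access-log lines for a 'databeat' query parameter carrying SQL keywords and compares an installed plugin version against the affected range. The log lines, the admin-ajax.php endpoint and the rcl_chat action name are constructed assumptions; only the 'databeat' parameter name and the 16.26.10 boundary come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# SQL keywords named in the Log Indicators / SIEM query, plus common timing functions.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|INSERT|DELETE|UPDATE|SLEEP|BENCHMARK)\b", re.I)
# Request line inside an Apache/nginx combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log; endpoint path and action name are assumptions.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=rcl_chat&databeat=2025-02-10 HTTP/1.1" 200 512
203.0.113.9 - - [10/Feb/2025:10:01:07 +0000] "GET /wp-admin/admin-ajax.php?action=rcl_chat&databeat=1%27+UNION+SELECT+1%2C2-- HTTP/1.1" 200 2048
198.51.100.2 - - [10/Feb/2025:10:02:00 +0000] "GET /?p=12 HTTP/1.1" 200 9000
"""


def find_databeat_sqli(log_text: str) -> list[dict]:
    """Return one record per request whose decoded 'databeat' value contains SQL keywords."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes values, so encoded payloads are inspected in plain form.
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query, keep_blank_values=True).get("databeat", []):
            found = {k.upper() for k in SQL_KEYWORDS.findall(value)}
            if found:
                hits.append({"client": line.split()[0], "value": value,
                             "keywords": sorted(found)})
    return hits


def is_vulnerable_version(version: str, last_affected: str = "16.26.10") -> bool:
    """True when the WP-Recall version is within the affected range (<= 16.26.10)."""
    def parts(v: str) -> list[int]:
        return [int(p) for p in re.findall(r"\d+", v)]
    return parts(version) <= parts(last_affected)


if __name__ == "__main__":
    for hit in find_databeat_sqli(SAMPLE_LOG):
        print(f"{hit['client']}: databeat={hit['value']!r} keywords={hit['keywords']}")
    print("16.26.10 affected:", is_vulnerable_version("16.26.10"))
```

Feed the real access log in place of SAMPLE_LOG; POST bodies are not present in access logs, so requests carrying 'databeat' in a form body need WAF or application-level logging to be seen.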
