CVE-2025-2074 – This SQL injection vulnerability in the Advance... (How to Fix)

Q: What is the severity of CVE-2025-2074?

CVE-2025-2074 has a CVSS score of 5.3 (MEDIUM). This SQL injection vulnerability in the Advanced Google reCAPTCHA WordPress plugin allows authenticated attackers with Subscriber-level access or higher to execute arbitrary SQL queries. Attackers can extract sensitive information from the database when the plugin's settings page hasn't been visited and its welcome message hasn't been dismissed. All WordPress sites using vulnerable versions of this plugin are affected.

📋 TL;DR

This SQL injection vulnerability in the Advanced Google reCAPTCHA WordPress plugin allows authenticated attackers with Subscriber-level access or higher to execute arbitrary SQL queries. Attackers can extract sensitive information from the database when the plugin's settings page hasn't been visited and its welcome message hasn't been dismissed. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

Advanced Google reCAPTCHA WordPress Plugin

Versions: All versions up to and including 1.29

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is active when plugin settings page hasn't been visited and welcome message hasn't been dismissed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including extraction of user credentials, sensitive site data, and potential privilege escalation to full administrative control.

🟠

Likely Case

Extraction of sensitive information like user emails, hashed passwords, and plugin configuration data leading to further attacks.

🟢

If Mitigated

Limited impact with proper network segmentation, database permissions, and monitoring in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires authenticated access (Subscriber-level or higher). SQL injection is well-understood and easily weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.30 or later

Vendor Advisory: https://wordpress.org/plugins/advanced-google-recaptcha/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Advanced Google reCAPTCHA. 4. Click 'Update Now' if available. 5. If no update appears, manually download version 1.30+ from WordPress.org and replace plugin files.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate advanced-google-recaptcha

Visit Plugin Settings

all

Visit the plugin settings page and dismiss welcome message to trigger condition that may mitigate vulnerability.

🧯 If You Can't Patch

Restrict database user permissions to SELECT only for plugin database operations
Implement web application firewall (WAF) rules to block SQL injection patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Advanced Google reCAPTCHA → Version. If version is 1.29 or lower, you are vulnerable.

Check Version:

wp plugin get advanced-google-recaptcha --field=version

Verify Fix Applied:

Verify plugin version is 1.30 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in WordPress/database logs
Multiple failed login attempts followed by plugin-specific requests
Requests to /wp-admin/admin-ajax.php with suspicious sSearch parameters

Network Indicators:

POST requests to admin-ajax.php with SQL injection patterns in parameters
Unusual database connection patterns from web server

SIEM Query:

source="wordpress.log" AND ("sSearch" OR "admin-ajax.php") AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "--" OR "' OR '")

📊 Metadata

CVE ID: CVE-2025-2074

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-89

EPSS Score: 0.17% exploit probability (38.7th percentile)

Published: March 28, 2025

Last Updated: March 28, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-2074, you might also want to check these: