CVE-2025-1323 Scanner
CVE-2025-1323 Scanner - SQL Injection vulnerability in WP-Recall
Short Info
Level:
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 7 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
WP-Recall is a popular WordPress plugin that adds user registration, profile management, and commerce functionality. It is widely used by WordPress site administrators who want robust community features. The plugin provides a customizable registration process and a commerce system for user interaction. Because it manages sensitive user areas such as registrations and profiles, WP-Recall is critical to keeping a WordPress environment secure. Many small to medium-sized enterprises rely on it to build user-friendly interfaces without extensive technical expertise. It is used mainly on personal blogs, community forums, and commercial platforms that need streamlined user interactions.
CVE-2025-1323 is a SQL Injection vulnerability in WP-Recall that allows unauthorized database manipulation. It arises from insufficient escaping and preparation of the 'databeat' parameter. Malicious actors can exploit the flaw to inject and execute their own SQL commands, potentially gaining unauthorized access to sensitive information. The vulnerability is present in versions 16.26.10 and earlier and exposes sites running them to data breaches. It undermines the integrity of database transactions and can be triggered without user authentication, which increases its criticality. Sites using this plugin need immediate remediation.
From a technical perspective, the vulnerability lies in the 'databeat' parameter sent in POST requests to '/wp-admin/admin-ajax.php'. The parameter is insufficiently sanitized, so SQL can be appended through inputs such as the 'last_activity' field. Attackers can exploit this by inserting payloads that execute arbitrary SQL commands, which enables the extraction of database information such as version details or user credentials. By crafting specific request payloads, attackers manipulate server responses to retrieve protected data. Because secure encoding and parameter handling are absent, the flaw is easy to exploit.
Exploiting this SQL Injection flaw could have severe consequences for the database, including unauthorized data access and potential data breaches. Malicious actors might use the vulnerability to extract or alter sensitive user information. Persistent exploitation could render the site's database unusable, compromise user accounts, and cause reputational damage. The resulting data exfiltration puts user privacy at risk and exposes vulnerabilities in related web applications. In a worst-case scenario, attackers might gain administrative database access and execute arbitrary commands that compromise server integrity.