CVE-2025-1323 Scanner

CVE-2025-1323 Scanner - SQL Injection (SQLi) vulnerability in WP-Recall WordPress Plugin

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 2 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

WP-Recall is a WordPress plugin, developed by plechevandrey, that adds user registration, profile management, e-commerce and social-networking features to a site. It gives administrators tools to manage user profiles, run online commerce and offer community features such as chat, and it is commonly deployed on business, membership and community sites that want these capabilities without custom development. Because it handles registration and payments, a flaw in it exposes exactly the data an attacker is most interested in: user accounts and transaction records.

CVE-2025-1323 is an unauthenticated SQL Injection in WP-Recall affecting all versions up to and including 16.26.10. The plugin's chat component handles the 'rcl_chat_get_new_messages' AJAX action and passes the user-supplied 'last_activity' parameter into a database query without adequate escaping or a prepared statement. Because the action is reachable without logging in, any remote client can append SQL to the existing query. Successful exploitation lets the attacker read arbitrary data from the WordPress database, including usernames, password hashes and other personal data held in the users and plugin tables.

The vulnerable code path is the AJAX handler for the plugin's chat. A POST request to '/wp-admin/admin-ajax.php' with action set to 'rcl_chat_get_new_messages' (together with the request's 'datatoken' parameter) reaches the handler, which builds its query from the 'last_activity' value in the request body. A crafted 'last_activity' value therefore becomes part of the SQL executed against the site database, allowing the attacker to run their own SQL statements alongside the intended one. This affects WP-Recall up to and including 16.26.10. The fix is to treat 'last_activity' as untrusted input: validate that it has the expected format and pass it to the query through a prepared statement rather than by string concatenation.

If exploited, the attacker can read sensitive database contents, including user logins and password hashes, which can then be cracked or reused to obtain administrative access and compromise the site further. Stolen profile and transaction data can also be used for targeted attacks on the site's users, and its exposure may constitute a reportable data breach under privacy regulations. Because no authentication is required, the flaw is trivially reachable by automated scanning, so affected sites should update WP-Recall to a version later than 16.26.10 as soon as possible and review database access logs for suspicious queries against the chat endpoint.
