CVE-2025-1323

High

Published: 08 March 2025

Published

08 March 2025

Modified

12 March 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.2727 96.4th percentile

Risk Priority 31 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1323 is a high-severity SQL Injection (CWE-89) vulnerability in Plechevandrey Wp-Recall. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates SQL injection by requiring validation and sanitization of user-supplied parameters like 'databeat' before incorporation into SQL queries.

SI-2 Flaw Remediation good match

prevent

Ensures timely identification, reporting, and patching of flaws such as the SQL injection vulnerability in the WP-Recall plugin up to version 16.26.10.

SC-7 Boundary Protection partial match

prevent

Boundary protection with web application firewalls can inspect and block malicious SQL injection payloads targeting the vulnerable 'databeat' parameter.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

Why these techniques?

SQL injection in public-facing WordPress plugin enables remote unauthenticated exploitation (T1190) and directly facilitates database data extraction (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of…

sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Deeper analysisAI

CVE-2025-1323 is a SQL injection vulnerability in the WP-Recall – Registration, Profile, Commerce & More plugin for WordPress, affecting all versions up to and including 16.26.10. The flaw arises from insufficient escaping of the user-supplied 'databeat' parameter combined with a lack of sufficient preparation in the existing SQL query, allowing injection of malicious SQL code.

Unauthenticated attackers can exploit this vulnerability remotely with low attack complexity, no required privileges, and no user interaction. Exploitation enables appending additional SQL queries to existing ones, facilitating the extraction of sensitive information from the database. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').

Mitigation details are available in advisories and patches referenced in the CVE, including a WordPress plugin trac changeset at https://plugins.trac.wordpress.org/changeset/3250094/wp-recall/trunk/add-on/rcl-chat/core.php, which addresses the vulnerable core.php file, and a Wordfence threat intelligence report at https://www.wordfence.com/threat-intel/vulnerabilities/id/ae5b4d81-c2f1-4d0d-b7b0-5556bf0451f5?source=cve.