CVE-2025-22527

Severity: High
Published: 09 January 2025
Modified: 29 April 2026
KEV Added: not listed
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)
EPSS Score: 0.0018 (40.0th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-22527 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS exploit likelihood ranks at the 40.0th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-22527 is an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability, classified under CWE-89. It affects the WordPress plugin Mailing Group Listserv (wp-mailing-group) developed by Yamna Khawaja, and impacts all versions up to and including 2.0.9 (no lower bound is given; the advisory lists it as "n/a"). The vulnerability was published on 2025-01-09.

The vulnerability carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L). High-privileged users (PR:H), such as administrators, can exploit it remotely over the network with low attack complexity and no user interaction. Successful exploitation enables high-impact confidentiality violations, such as extracting sensitive data from the database, alongside low availability impact and changed scope, but no integrity impact.

Advisories, including the Patchstack database entry at https://patchstack.com/database/Wordpress/Plugin/wp-mailing-group/vulnerability/wordpress-mailing-group-listserv-plugin-2-0-9-sql-injection-vulnerability?_s_id=cve, detail the SQL injection issue in version 2.0.9 and associated mitigation guidance.

Vulnerability details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection. This issue affects Mailing Group Listserv: from n/a through <= 2.0.9.

CWE(s)

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in a public-facing WordPress plugin directly enables exploitation of the web application (T1190) and extraction of data from the backend database (T1213.006).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2019-25537 (shared CWE-89)
CVE-2019-25366 (shared CWE-89)
CVE-2019-25496 (shared CWE-89)
CVE-2026-1475 (shared CWE-89)
CVE-2026-26990 (shared CWE-89)
CVE-2026-44047 (shared CWE-89)
CVE-2025-12865 (shared CWE-89)
CVE-2024-11135 (shared CWE-89)
CVE-2019-25491 (shared CWE-89)
CVE-2024-13369 (shared CWE-89)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly prevents SQL injection by requiring that user input used to build SQL commands in the vulnerable wp-mailing-group plugin is validated and passed to the database through safe, parameterized interfaces.

prevent

Ensures timely remediation of the specific SQL injection flaw in wp-mailing-group versions up to and including 2.0.9 by patching or removing the plugin.

RA-5 Vulnerability Monitoring and Scanning (detect)

Identifies the CVE-2025-22527 vulnerability in the WordPress plugin through regular vulnerability scanning and monitoring.
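The input-validation control above (SI-10) is what separates a CWE-89 pattern from a safe one in WordPress plugin code. The following PHP is an added illustration for this record; it is not code from the wp-mailing-group plugin, whose vulnerable sink is not described on this page. It shows a hypothetical list lookup written the unsafe way and then the hardened way using the real WordPress database API ($wpdb->prepare(), sanitize_text_field(), current_user_can(), check_admin_referer()). The table and column names, the function names and the nonce action name are assumptions.

```php
<?php
// Added illustration, not plugin code. Table/column/function names are hypothetical.

// Vulnerable pattern (CWE-89): user-controlled input is concatenated straight
// into the SQL string, so quote characters in $list_name change the query.
function mg_get_list_unsafe( $list_name ) {
    global $wpdb;
    $table = $wpdb->prefix . 'mailing_group_lists'; // hypothetical table
    $sql   = "SELECT id, name FROM {$table} WHERE name = '" . $list_name . "'";
    return $wpdb->get_row( $sql );
}

// Hardened pattern: the value is bound through $wpdb->prepare(). A %s
// placeholder is quoted and escaped by WordPress (and %d is cast to an
// integer), so the input can only ever be data, never SQL syntax.
// sanitize_text_field() additionally strips tags and control characters.
function mg_get_list_safe( $list_name ) {
    global $wpdb;
    $table = $wpdb->prefix . 'mailing_group_lists'; // hypothetical table
    $sql   = $wpdb->prepare(
        "SELECT id, name FROM {$table} WHERE name = %s",
        sanitize_text_field( $list_name )
    );
    return $wpdb->get_row( $sql );
}

// Admin-only handler. The CVSS vector for this CVE is PR:H, i.e. the flaw is
// reachable by privileged users, so capability and nonce checks limit who can
// reach the query at all, and prepare() limits what the query can do.
function mg_handle_admin_lookup() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'mg_list_lookup' ); // hypothetical nonce action
    $name = isset( $_POST['list_name'] ) ? wp_unslash( $_POST['list_name'] ) : '';
    return mg_get_list_safe( $name );
}
```

When auditing a plugin for this CWE, the review question is simply whether every value that reaches $wpdb->query(), get_row(), get_results() or get_var() arrived through prepare() (or is a constant), as in mg_get_list_safe() above; any direct concatenation, as in mg_get_list_unsafe(), is the finding.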
