CVE-2025-22783
Published: 27 March 2025
Summary
CVE-2025-22783 is a high-severity SQL Injection (CWE-89) vulnerability in Squirrly Seo Plugin By Squirrly Seo. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-22783 is an improper neutralization of special elements used in an SQL command, classified as an SQL Injection vulnerability (CWE-89), in the SEO Squirrly SEO WordPress plugin (squirrly-seo) developed by Squirrly SEO. The issue affects the plugin from unknown initial versions through version 12.4.03.
Attackers with low privileges, such as authenticated users, can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. The CVSS v3.1 base score of 8.5 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L) indicates high confidentiality impact across a changed scope, with low availability impact and no integrity impact, enabling potential extraction of sensitive database information.
Mitigation guidance is available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/squirrly-seo/vulnerability/wordpress-seo-plugin-by-squirrly-seo-plugin-12-4-03-sql-injection-vulnerability?_s_id=cve.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8509
Vulnerability details
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing WordPress plugin enables remote exploitation of the web application (T1190) by authenticated users and direct extraction of sensitive data from the backend database (T1213.006).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents SQL injection by requiring validation and sanitization of user inputs before incorporation into SQL commands in the Squirrly SEO plugin.
Mitigates the vulnerability through timely flaw remediation by patching the affected Squirrly SEO plugin versions up to 12.4.03.
Supports identification of SQL injection flaws like CVE-2025-22783 via vulnerability scanning of WordPress plugins.