CVE-2025-27297
Published: 24 February 2025
Summary
CVE-2025-27297 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 40.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-27297 is an Improper Neutralization of Special Elements used in an SQL Command vulnerability, classified as Blind SQL Injection (CWE-89), affecting the Bravo Search & Replace WordPress plugin (bravo-search-and-replace) developed by guelben. The issue affects all versions from n/a through 1.0 inclusive. It has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L), indicating network accessibility, low attack complexity, and a requirement for high privileges.
Exploitation requires an authenticated attacker with high privileges, such as an administrator, to interact with the plugin over the network; no user interaction is needed. A successful attack results in blind SQL injection, with high confidentiality impact through data exfiltration and low availability impact, and a changed scope that extends the consequences beyond the vulnerable component.
The Patchstack advisory documents this SQL injection vulnerability in the Bravo Search & Replace WordPress plugin version 1.0, providing details for security practitioners.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4348
Vulnerability details
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in guelben Bravo Search & Replace bravo-search-and-replace allows Blind SQL Injection. This issue affects Bravo Search & Replace: from n/a through <= 1.0.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A blind SQL injection vulnerability in a network-accessible WordPress plugin directly enables exploitation of a public-facing web application (T1190) for data exfiltration.
Mitigating Controls (NIST 800-53 r5)
- Directly addresses the improper neutralization of special elements in SQL commands by requiring validation of inputs to the Bravo Search & Replace plugin, preventing blind SQL injection.
- Mandates identification, reporting, and correction of the specific SQL injection flaw in vulnerable versions of the Bravo Search & Replace plugin through timely patching.
- Enables vulnerability scanning to detect CVE-2025-27297 in the WordPress plugin and prompts remediation to mitigate exploitation risks.
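As an added illustration of the SI-10 input-validation control above (example code, not the Bravo Search & Replace plugin's own code, which the advisory does not reproduce): a hypothetical WordPress search-and-replace helper showing the CWE-89 pattern that produces blind SQL injection and the hardened equivalent. Function names, the nonce action `bsr_search_replace` and the `manage_options` capability check are assumptions.

```php
<?php
// Added example: a hypothetical WordPress search-and-replace helper, not the
// Bravo Search & Replace plugin's own code. Function names, the nonce action
// 'bsr_search_replace' and the 'manage_options' capability are assumptions.

// VULNERABLE PATTERN (CWE-89): table, column and search string arrive from a
// privileged admin request and are interpolated straight into the SQL text.
function bsr_count_matches_unsafe( $table, $column, $search ) {
    global $wpdb;
    $sql = "SELECT COUNT(*) FROM `$table` WHERE `$column` LIKE '%$search%'";
    // Only a count comes back, so an injected condition changes the number
    // rather than echoing rows: the "blind" variant described in the advisory.
    return (int) $wpdb->get_var( $sql );
}

// HARDENED PATTERN: gate the request, allowlist identifiers against the live
// schema (they cannot be bound as parameters), and bind the value via prepare().
function bsr_count_matches_safe( $table, $column, $search ) {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient capability.' );
    }
    check_admin_referer( 'bsr_search_replace' ); // dies on a bad/missing nonce

    $tables = $wpdb->get_col( 'SHOW TABLES' );
    if ( ! in_array( $table, $tables, true ) ) {
        return new WP_Error( 'bad_table', 'Unknown table.' );
    }
    // $table is now known-good, so interpolating it here is safe.
    $columns = $wpdb->get_col( "SHOW COLUMNS FROM `$table`" );
    if ( ! in_array( $column, $columns, true ) ) {
        return new WP_Error( 'bad_column', 'Unknown column.' );
    }

    // esc_like() neutralises '%' and '_' in the search term; %s binds the value.
    $like = '%' . $wpdb->esc_like( $search ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT COUNT(*) FROM `$table` WHERE `$column` LIKE %s",
        $like
    );
    return (int) $wpdb->get_var( $sql );
}
```

The capability and nonce checks do not remove the injection on their own (the advisory's attacker already holds high privileges); the schema allowlist and `$wpdb->prepare()` binding are what close CWE-89.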