CVE-2025-1323 [CRITICAL] :

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

The Red Canary Blog

blog

Explore the Red Canary blog for expert tips on increasing visibility, expanding detection coverage, and improving information security. Security teams need an ally to help defend against adversaries. Check out our blog for breaking research and insights into threat detection, intelligence, and incident response.

Visit Website

Listed: Tue Jul 02 2024