Cyber Posture

CVE-2025-27297

Severity: High
Published: 24 February 2025
Modified: 23 April 2026
CVSS Score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)
EPSS Score: 0.0018 (39.8th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-27297 is an Improper Neutralization of Special Elements used in an SQL Command vulnerability (CWE-89), classified as Blind SQL Injection, affecting the Bravo Search & Replace WordPress plugin (bravo-search-and-replace) developed by guelben. The issue impacts all versions from n/a through 1.0 inclusive. It has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L), indicating network accessibility, low attack complexity, and a high-privilege requirement.

Exploitation requires an authenticated attacker with high privileges, such as an administrator, who can interact with the plugin over the network; no user interaction is needed. A successful attack enables blind SQL injection, resulting in high confidentiality impact through data exfiltration and low availability impact, with a changed scope that extends the consequences beyond the vulnerable component.

The Patchstack advisory documents this SQL injection vulnerability in the Bravo Search & Replace WordPress plugin version 1.0, providing details for security practitioners.

Details

CWE(s): CWE-89

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A blind SQL injection vulnerability in a network-accessible WordPress plugin is a direct instance of exploiting a public-facing web application, here with data exfiltration as the resulting impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
