CVE-2025-1768: 
WordPress vulnerability analysis and mitigation

The SEO Plugin by Squirrly SEO plugin for WordPress contains a blind SQL Injection vulnerability (CVE-2025-1768) discovered in all versions up to and including 12.4.05. The vulnerability was disclosed on March 7, 2025, and affects the 'search' parameter functionality (NVD).

The vulnerability stems from insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries in the 'search' parameter. The severity is rated as MEDIUM with a CVSS v3.1 Base Score of 6.5 (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) (NVD).

When exploited, this vulnerability allows authenticated attackers with Subscriber-level access or higher to append additional SQL queries to existing queries. This capability can be leveraged to extract sensitive information from the database (NVD).

Updates have been released to address this vulnerability, as evidenced by the plugin changelog. Users should upgrade to versions newer than 12.4.05 to protect against this vulnerability (WordPress Plugin).