How severe is CVE-2025-2074?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-2074?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2025-2074 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries, particularly when the plugin’s settings page hasn’t been visited and its welcome message has not been dismissed. This issue can be used to extract sensitive information from the database.

Related Vulnerabilities

CVE-2017-16733

MEDIUM

CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information f...

CWE-892017

CVE-2017-16735

MEDIUM

CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

CWE-892017

CVE-2018-17542

MEDIUM

CVSS:5.3(Medium)

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter ...

CWE-892018

CVE-2018-5443

MEDIUM

CVSS:5.3(Medium)

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.

CWE-892018

CVE-2019-14430

MEDIUM

CVSS:5.3(Medium)

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.

CWE-892019

CVE-2019-3797

MEDIUM

CVSS:5.3(Medium)

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more resul...

CWE-892019