[CIVN-2025-0292] SQL injection Vulnerability in WPRecovery plugin for WordPress

Published On: November 6, 2025

SQL injection Vulnerability in WPRecovery plugin for WordPress
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
WordPress Plugin WPRecovery – versions up to and including 2.0
Overview
A vulnerability has been reported in the WPRecovery plugin for WordPress which could allow an unauthenticated attacker to disclose sensitive information or delete arbitrary files on the targeted system.
Target Audience:
Users of affected WordPress Plugins.
Risk Assessment:
High risk of remote sensitive information disclosure and arbitrary file deletion.
Impact Assessment:
Potential for database manipulation and denial-of-service (DoS) condition.
Description
WPRecovery is a WordPress plugin that helps website owners easily restore, back up, and recover their WordPress sites from crashes, errors, or malware attacks.
The vulnerability exists in the WPRecovery plugin for WordPress due to insufficient escaping of the user-supplied 'data[id]' parameter and lack of proper preparation of the SQL query, allowing unauthenticated attackers to append additional SQL statements and extract sensitive data from the database. The result of the injected query is then passed to PHP's unlink() function, enabling deletion of arbitrary files on the server.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to disclose sensitive information or delete arbitrary files on the targeted system.
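The defect class described above, shown as an added illustration that is not the WPRecovery plugin's code: a hypothetical WordPress handler in which data[id] is concatenated into the query and the returned path is fed to unlink(), placed next to a hardened form that requires an authorised caller, binds the id through $wpdb->prepare(), and confines deletion to the plugin's backup directory. The function names, table and column names, nonce action and directory below are all assumptions.

```php
<?php
// Added illustration of the defect class named in this advisory. Hypothetical
// handler, not the WPRecovery plugin's code: the table, column, directory and
// nonce action names below are assumptions.

// Unsafe pattern: data[id] is dropped into the SQL string unprepared, and the
// value the query returns is handed straight to unlink().
function wprc_delete_backup_unsafe( $data ) {
    global $wpdb;
    $id  = $data['id'];
    $row = $wpdb->get_row(
        "SELECT file_path FROM {$wpdb->prefix}wprc_backups WHERE id = '$id'"
    );
    if ( $row ) {
        unlink( $row->file_path );
    }
}

// Hardened form: the caller must be an authorised user with a valid nonce,
// the id is coerced to an integer and bound through $wpdb->prepare(), and the
// file is only removed if it resolves inside the plugin's backup directory.
function wprc_delete_backup_safe( $data ) {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 403 );
    }
    check_ajax_referer( 'wprc_delete_backup', 'nonce' );

    $id = isset( $data['id'] ) ? absint( $data['id'] ) : 0;
    if ( 0 === $id ) {
        wp_die( 'Invalid backup id', 400 );
    }
    $path = $wpdb->get_var( $wpdb->prepare(
        "SELECT file_path FROM {$wpdb->prefix}wprc_backups WHERE id = %d",
        $id
    ) );
    if ( empty( $path ) ) {
        wp_die( 'Unknown backup', 404 );
    }

    // wp_delete_file_from_directory() resolves both paths with realpath() and
    // refuses to delete anything outside the directory, which also defeats
    // symlink and ../ escapes in a stored path.
    $backup_dir = WP_CONTENT_DIR . '/wprc-backups';
    if ( ! wp_delete_file_from_directory( $path, $backup_dir ) ) {
        wp_die( 'Refusing to delete a file outside the backup directory', 400 );
    }
    return true;
}
```

For detection, a request to the plugin's delete endpoint whose data[id] value is anything other than a plain integer is a useful signal in web server or WAF logs.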
Solution
Apply the necessary patches as provided by the vendor:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wprecovery/wprecovery-20-unauthenticated-sql-injection-to-arbitrary-file-deletion
Vendor Information
WPRecovery
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wprecovery/wprecovery-20-unauthenticated-sql-injection-to-arbitrary-file-deletion
References
WordFence
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wprecovery/wprecovery-20-unauthenticated-sql-injection-to-arbitrary-file-deletion
CVE Name
CVE-2025-10726
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
