SQL Injection Vulnerability in Bravo Search & Replace from Guelben
CVE-2025-27297

7.6HIGH

Key Information:

Vendor: Guelben
Status: Bravo Search & Replace
Vendor: CVE Published:; 24 February 2025

Summary

The Bravo Search & Replace plugin by Guelben contains a vulnerability that allows for Blind SQL Injection. This flaw occurs due to improper neutralization of special elements in SQL commands, potentially enabling attackers to manipulate database queries and extract sensitive information. Users of Bravo Search & Replace versions up to 1.0 should take prompt action to mitigate the risks associated with this exploitation.

Affected Version(s)

Bravo Search & Replace <= 1.0

References

https://patchstack.com/database/wordpress/plugin/bravo-se...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Phan Trong Quan - VNPT Cyber Immunity (Patchstack Alliance)