Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.
Published: 2025-03-27
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an instance of CWE-89, where improper neutralization of special elements allows an attacker to inject and execute arbitrary SQL commands against the WordPress database. An adversary who can supply crafted input could read sensitive data, modify or delete records, and potentially disrupt site functionality. This compromises the confidentiality, integrity, and availability of the site’s data.

Affected Systems

Any WordPress site running the SEO Squirrly SEO Plugin by Squirrly SEO with a version up to and including 12.4.03 is affected. The vendor is SEO Squirrly: SEO Plugin by Squirrly SEO. No other product or version information is provided.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity vulnerability. The EPSS score of less than 1% suggests that, at the time of analysis, the probability of exploitation is currently low, and it is not listed in the CISA KEV catalog. The likely attack vector is remote via web interfaces that accept user input into the plugin’s configuration or submission pages. Bypassing authentication or requiring only standard user access cannot be confirmed from the data, so it is inferred that an attacker could exploit the flaw through publicly accessible plugin endpoints if not properly restricted.

Generated by OpenCVE AI on May 2, 2026 at 03:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SEO Squirrly SEO Plugin to a version newer than 12.4.03.
  • If an upgrade is not immediately feasible, temporarily disable or uninstall the plugin to remove the attack surface.
  • Configure a Web Application Firewall (WAF) rule to block suspicious SQL injection payloads targeting the plugin’s input parameters.

Generated by OpenCVE AI on May 2, 2026 at 03:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8509 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.03.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.03. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 01 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Squirrly
Squirrly seo Plugin By Squirrly Seo
CPEs cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*
Vendors & Products Squirrly
Squirrly seo Plugin By Squirrly Seo

Thu, 27 Mar 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 27 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.03.
Title WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.03 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}

Subscriptions

Squirrly Seo Plugin By Squirrly Seo
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:07.099Z

Reserved: 2025-01-07T21:05:06.988Z

Link: CVE-2025-22783

cve-icon Vulnrichment

Updated: 2025-03-27T17:50:05.350Z

cve-icon NVD

Status : Modified

Published: 2025-03-27T16:15:29.787

Modified: 2026-04-23T15:23:36.457

Link: CVE-2025-22783

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T03:15:06Z

Weaknesses