Platform
wordpress
Component
chatlive
Fixed version
2.0.2
CVE-2025-27302 describes a SQL Injection vulnerability discovered in the CHATLIVE WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions from 0.0.0 through 2.0.1, and a patch is available in version 2.0.2.
Successful exploitation of this SQL Injection vulnerability could grant an attacker complete control over the underlying database. They could extract sensitive user data, including usernames, passwords, and personal information. Furthermore, an attacker could modify or delete data, disrupt the plugin's functionality, or even gain access to the entire WordPress installation. The potential for data exfiltration and system compromise makes this a high-severity risk, particularly for sites relying on CHATLIVE for critical functionality.
CVE-2025-27302 was publicly disclosed on 2025-04-17. The vulnerability's simplicity and the widespread use of WordPress plugins suggest a potential for exploitation. While no public exploits have been confirmed at the time of writing, the CRITICAL CVSS score indicates a high probability of exploitation if left unpatched. Monitor security advisories and threat intelligence feeds for any signs of active campaigns targeting this vulnerability.
Websites utilizing the CHATLIVE WordPress plugin, particularly those handling sensitive user data or relying on the plugin for critical functionality, are at significant risk. Shared hosting environments where plugin updates are managed centrally are also vulnerable if they haven't applied the patch.
• wordpress / composer / npm:
grep -ril "chatlive" /var/www/html/wp-content/plugins/
• generic web:
curl -sI https://your-wordpress-site.com/wp-content/plugins/chatlive/ | head -n 1
• wordpress / composer / npm:
wp plugin list | grep -i chatlive
disclosure
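A shell check that pairs with the `wp plugin list` command above, added here as an example and not part of the original advisory: it reads `wp plugin list --fields=name,version --format=csv` output (a constructed sample is embedded) and compares the installed version against the fixed release 2.0.2 with a pure POSIX version comparison, so it does not depend on GNU `sort -V`. The plugin slug `chatlive` is assumed from the component name on this page.

```shell
#!/bin/sh
# Added example (not from the advisory): is the installed CHATLIVE version
# still inside the affected range 0.0.0 - 2.0.1, or at/after the fix 2.0.2?

FIXED_VERSION="2.0.2"   # first patched release, per the advisory
PLUGIN_SLUG="chatlive"  # assumed slug, taken from the component name on the page

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Components are compared numerically; a pre-release suffix such as "-beta"
# is not ordered (it compares equal to the release), and missing components
# count as 0, so 2.0 == 2.0.0.
version_lt() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"
        y="${b%%.*}"; b="${b#*.}"
        x="${x%%[!0-9]*}"; y="${y%%[!0-9]*}"
        x="${x:-0}"; y="${y:-0}"
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# chatlive_status VERSION: prints "vulnerable" (exit 0), "patched" (exit 1)
# or "not installed" (exit 2) when the version string is empty.
chatlive_status() {
    [ -n "$1" ] || { echo "not installed"; return 2; }
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"; return 0
    fi
    echo "patched"; return 1
}

# plugin_version_from_csv SLUG: reads `wp plugin list --fields=name,version
# --format=csv` on stdin and prints that plugin's version (empty if absent).
plugin_version_from_csv() {
    awk -F, -v slug="$1" 'NR > 1 && $1 == slug { print $2; exit }'
}

# Constructed sample of the CSV output; not captured from a real site.
SAMPLE_WP_PLUGIN_LIST='name,version
akismet,5.3
chatlive,2.0.1'

# On a live site, replace the sample with:
#   wp plugin list --fields=name,version --format=csv | plugin_version_from_csv "$PLUGIN_SLUG"
installed=$(printf '%s\n' "$SAMPLE_WP_PLUGIN_LIST" | plugin_version_from_csv "$PLUGIN_SLUG")
echo "chatlive $installed: $(chatlive_status "$installed")"   # prints "chatlive 2.0.1: vulnerable"
```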
Exploitation status
EPSS
0.23% (46th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-27302 is to immediately upgrade the CHATLIVE plugin to version 2.0.2 or later. If upgrading is not feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin to prevent exploitation. Implementing a Web Application Firewall (WAF) with SQL Injection protection rules can provide an additional layer of defense. Regularly review WordPress plugin security best practices and ensure all plugins are from trusted sources.
Update the CHATLIVE plugin to the latest available version to mitigate the SQL injection vulnerability. Check for plugin updates directly in the WordPress admin panel or through the official WordPress.org repository. Implement additional security measures, such as validation and sanitization of user input, to prevent future vulnerabilities.
CVE-2025-27302 is a critical SQL Injection vulnerability affecting the CHATLIVE WordPress plugin, allowing attackers to inject malicious SQL code and potentially access sensitive data.
If you are using CHATLIVE version 0.0.0 through 2.0.1 on your WordPress site, you are vulnerable to this SQL Injection vulnerability.
Upgrade the CHATLIVE plugin to version 2.0.2 or later to resolve the vulnerability. If immediate upgrade is not possible, disable the plugin temporarily.
While no confirmed active exploitation has been reported, the CRITICAL severity suggests a high probability of exploitation if the vulnerability remains unpatched.
Refer to the CHATLIVE plugin's official website or WordPress plugin repository for the latest security advisory and update information.