CVE-2025-7036
CleverReach® · CleverReach® WP plugin for WordPress
Executive summary
A high-severity vulnerability has been identified in the CleverReach® WP WordPress plugin, which could allow an unauthenticated attacker to steal sensitive information from the website's database. This flaw, a time-based SQL Injection, can be exploited remotely to extract data such as user credentials, personal information, and confidential site content. Organizations using this plugin are at significant risk of a data breach and should take immediate action to mitigate the threat.
Vulnerability
The vulnerability is a time-based blind SQL Injection. An unauthenticated attacker can send specially crafted SQL queries through the 'title' parameter of the plugin. By injecting commands that cause a time delay in the database response (e.g., SLEEP()), the attacker can infer the contents of the database one character at a time based on how long the server takes to respond. This allows for the gradual exfiltration of sensitive data without directly seeing the query output.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation could lead to a complete compromise of the confidentiality of the website's database. The potential business impact includes the theft of sensitive customer data, user credentials, and proprietary business information, leading to significant reputational damage, financial loss, and potential regulatory penalties (e.g., under GDPR or CCPA). Furthermore, stolen administrator credentials could be used to gain full control over the affected WordPress site, enabling further malicious activities.
Remediation
Immediate Action: The primary remediation is to update the CleverReach® WP plugin to the latest patched version (greater than version 1) as recommended by the vendor. If the plugin is not essential for business operations, the most secure course of action is to deactivate and completely remove it to eliminate the attack surface.
Proactive Monitoring: Monitor web server access logs for unusual or lengthy requests targeting the plugin's functionality, specifically looking for malicious payloads in the 'title' parameter. Implement and review Web Application Firewall (WAF) logs for alerts related to SQL Injection attempts. Database monitoring should be configured to flag abnormally long-running queries or those containing SLEEP or BENCHMARK commands.
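The log review described above can be scripted. The following is an added example, not code from the advisory or from the plugin vendor: it parses a few constructed access-log lines (combined format with an assumed trailing response-time field in milliseconds) and flags requests whose 'title' parameter carries time-delay SQL functions, or that took unusually long to answer. The request paths, the 3000 ms threshold and the log layout are assumptions for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (not real traffic). Format: combined log
# format plus an assumed trailing response-time column in milliseconds.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2025:10:01:02 +0000] "GET /?title=hello HTTP/1.1" 200 512 120
203.0.113.9 - - [10/Jul/2025:10:01:05 +0000] "GET /?title=a'+AND+SLEEP(5)--+ HTTP/1.1" 200 512 5130
198.51.100.4 - - [10/Jul/2025:10:01:09 +0000] "POST /wp-admin/admin-ajax.php?title=x%27%29%20AND%20BENCHMARK%2810000000%2CMD5%281%29%29--%20 HTTP/1.1" 200 200 7002
198.51.100.5 - - [10/Jul/2025:10:01:12 +0000] "GET /?title=quarterly+report HTTP/1.1" 200 900 4800
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+) \S+ (?P<ms>\d+)$'
)

# Time-delay primitives named in the advisory (SLEEP, BENCHMARK) plus the
# PostgreSQL and MSSQL equivalents, matched case-insensitively.
TIME_SQLI_RE = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\b", re.IGNORECASE)

SLOW_MS = 3000  # assumed threshold for an "unusually lengthy" response


def analyze_line(line):
    """Return parsed fields plus a list of reasons the request looks suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # parse_qs percent-decodes values and turns '+' into spaces for us.
    qs = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    titles = qs.get("title", [])
    ms = int(m["ms"])
    reasons = []
    if any(TIME_SQLI_RE.search(t) for t in titles):
        reasons.append("time-based SQL keyword in title")
    # Slow responses alone are a weak signal (blind SQLi or just a slow page),
    # so report them for triage rather than treating them as confirmed attacks.
    if titles and ms >= SLOW_MS:
        reasons.append(f"slow response {ms} ms with title parameter")
    return {"ip": m["ip"], "ms": ms, "titles": titles, "reasons": reasons}


def flag_suspicious(log_text):
    """Run analyze_line over every line and keep only the flagged requests."""
    hits = []
    for line in log_text.splitlines():
        r = analyze_line(line)
        if r and r["reasons"]:
            hits.append(r)
    return hits
```

Run it against a real access log that includes a response-time field and review the keyword hits first; the slow-only hits are candidates for correlation with database slow-query logs.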
Compensating Controls: If patching cannot be performed immediately, deploy a properly configured Web Application Firewall (WAF) with rules designed to detect and block SQL Injection attacks. This can serve as a virtual patch by inspecting incoming traffic and blocking malicious requests before they reach the vulnerable plugin. Additionally, ensure the database user associated with WordPress has the least privileges necessary, which can limit the scope of data an attacker can access if the exploit is successful.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the High severity rating (CVSS 7.5) and the risk of a complete database compromise, we strongly recommend that organizations immediately identify all WordPress instances running the vulnerable CleverReach® WP plugin. The plugin must be updated to the latest secure version without delay. If the plugin is no longer required, it should be removed entirely. The absence of this CVE from the CISA KEV list should not be a reason for inaction; proactive patching is critical to prevent exploitation by opportunistic attackers who actively target WordPress vulnerabilities.