CVE-2025-22352

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Jan 7, 2025
CWE ID 89

Summary

CVE-2025-22352 is a SQL injection vulnerability in the ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin. The issue affects versions up to 1.4.8 and is a blind SQL injection: because special elements are improperly neutralized, an attacker can inject malicious SQL commands. Successful exploitation could result in unauthorized access to sensitive data or the ability to modify or delete information within the affected WordPress installation. Users are advised to upgrade to the latest version of the plugin or consider alternative solutions to mitigate the risk.
