PT-2025-36366 · WordPress · Elex Woocommerce Google Shopping Plugin

Đức Tài

Publicado

2025-09-06

Atualizado

2025-09-10

CVE-2025-10046

CVSS v3.1

4.9

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ELEX WooCommerce Google Shopping plugin for WordPress versions up to and including 1.4.3

Description The ELEX WooCommerce Google Shopping plugin for WordPress is susceptible to SQL Injection through the file to delete parameter. Insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.

Recommendations Update ELEX WooCommerce Google Shopping plugin to a version later than 1.4.3.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2025-10046

Produtos afetados

Elex Woocommerce Google Shopping Plugin

PT-2025-36366 · WordPress · Elex Woocommerce Google Shopping Plugin

CVE-2025-10046

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11