PT-2025-15930 · Woocommerce · Cardgate Payments For Woocommerce

João Pedro S Alcântara

Published

2025-04-10

Updated

2025-04-10

CVE-2025-32119

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions: CardGate Payments for WooCommerce versions n/a through 3.2.1

Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, which allows Blind SQL Injection.

Recommendations: For versions n/a through 3.2.1, update to a version later than 3.2.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-32119

Affected Products

Cardgate Payments For Woocommerce

PT-2025-15930 · Woocommerce · Cardgate Payments For Woocommerce

CVE-2025-32119

Weakness Enumeration

Related Identifiers

Affected Products

References · 5