CVE-2025-24767
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a high-severity SQL Injection issue in the WordPress TicketBAI Facturas para WooCommerce plugin (up to version 3.19). It allows unauthenticated attackers to execute arbitrary SQL commands on the database by improperly neutralizing special elements in SQL commands, specifically enabling Blind SQL Injection. This means attackers can potentially steal or manipulate data without needing authentication. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized data theft or manipulation by attackers who can execute arbitrary SQL commands on the affected database. This can compromise sensitive information, disrupt service availability with limited impact on availability, and potentially lead to further exploitation or data breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SQL Injection vulnerability can involve monitoring for unusual or unauthorized SQL queries targeting the TicketBAI Facturas para WooCommerce plugin. Since the vulnerability allows unauthenticated attackers to execute arbitrary SQL commands, network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to look for suspicious SQL injection patterns in HTTP requests. Additionally, applying the Patchstack virtual patch includes blocking attack attempts, which can help in detection. Specific commands are not provided in the resources, but monitoring web server logs for suspicious payloads or using tools like sqlmap to test for SQL injection may be helpful. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) which blocks attack attempts targeting this vulnerability until an official fix is released. Users should monitor for official updates from the plugin developers and apply them once available. If a compromise is suspected, professional incident response and server-side malware scanning are recommended, as plugin-based malware scanners alone may not be sufficient. Rapid application of the virtual patch is strongly advised due to the high risk and likelihood of mass exploitation. [1]