CVE-2025-49315
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an SQL Injection in the Persian Woocommerce SMS WordPress plugin (up to version 7.0.10). It allows a malicious user with shop manager privileges to manipulate SQL commands and directly interact with the database, potentially leading to data theft or manipulation. [1]
How can this vulnerability impact me? :
The vulnerability can allow an attacker with shop manager privileges to steal or manipulate data in the database. Although the risk is considered low severity, it can lead to unauthorized data access or alteration, which may compromise the integrity and confidentiality of your data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SQL Injection vulnerability involves checking if the Persian Woocommerce SMS plugin version is 7.0.10 or earlier. Since the vulnerability requires shop manager privileges to exploit, monitoring for unusual database queries or access patterns by shop managers may help. However, plugin-based malware scanners are considered unreliable after compromise. No specific commands are provided in the resources. It is recommended to use professional incident response services or consult hosting providers for thorough detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Persian Woocommerce SMS plugin to version 7.1.0 or later, where the vulnerability is fixed. As an immediate protective measure before patching, Patchstack offers virtual patching (vPatching) that auto-mitigates the vulnerability. Additionally, limiting shop manager privileges and monitoring for suspicious activity can help reduce risk. [1]