CVE-2025-58788
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | license_manager_for_woocommerce | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to unauthorized access or theft of sensitive data stored in the plugin's database. Since it requires administrator privileges, the impact is limited to users who have such access, but it can still result in data breaches and potential service disruption. [1]
Can you explain this vulnerability to me?
This vulnerability is an SQL Injection issue in the License Manager for WooCommerce plugin (up to version 3.0.12). It allows a malicious user with administrator privileges to perform Blind SQL Injection attacks, enabling them to interact directly with the plugin's database and potentially access or steal data without proper authorization. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability is challenging because plugin-based malware scanners may be unreliable. Since the vulnerability requires administrator privileges to exploit, monitoring for unusual administrator activity or unauthorized database interactions may help. No specific detection commands are provided. Users are advised to consider professional incident response services if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include maintaining strict security of administrator privileges to prevent unauthorized access. Since no official patch is available, using Patchstack's virtual patching (vPatching) is recommended as it auto-mitigates the vulnerability without performance loss. Additionally, consider professional incident response services if you suspect compromise. [1]