CVE-2025-69045
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fooevents | fooevents_for_woocommerce | to 1.20.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69045 is a high-priority SQL Injection vulnerability in the FooEvents for WooCommerce WordPress plugin up to version 1.20.4. It allows a malicious user with subscriber or developer privileges to inject malicious SQL commands, enabling them to interact directly with the database. This can lead to unauthorized data access or manipulation. The vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS severity score of 8.5, indicating a serious security risk. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers with relatively low privileges (subscriber or developer) to execute arbitrary SQL commands on the database. This can result in data theft, unauthorized data modification, or corruption, potentially compromising the integrity and confidentiality of your data. Exploitation of this vulnerability can severely impact the security of your WooCommerce store and its users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SQL Injection vulnerability can be done by monitoring for unusual database queries or suspicious activity from users with subscriber or developer privileges. Patchstack provides a rule to block attacks targeting this vulnerability, which can be used to detect exploitation attempts. Specific commands are not provided in the resources, but enabling such rules or monitoring logs for injection patterns is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the FooEvents for WooCommerce plugin to version 1.20.5 or later, where the vulnerability is fixed. Until then, users can apply the Patchstack rule to block attacks targeting this vulnerability and enable auto-updates for vulnerable plugins to ensure protection. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This SQL Injection vulnerability allows unauthorized database interaction, potentially leading to data theft or manipulation. Such data breaches can result in non-compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data. Therefore, exploitation of this vulnerability could lead to violations of these regulations due to compromised data confidentiality and integrity. [1]