CVE-2026-25371
Received Received - Intake
Blind SQL Injection in Lumise Product Designer Before

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through < 2.0.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25371
EUVD
EUVD-2026-15691
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
king-theme lumise_product_designer to 2.0.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The SQL Injection vulnerability in the Lumise Product Designer plugin allows unauthenticated attackers to execute arbitrary SQL commands, potentially leading to data theft or manipulation.

Such unauthorized access and potential data breaches can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access and ensuring data integrity.

Failure to remediate this vulnerability could result in violations of these standards due to compromised confidentiality and integrity of protected data.

Detection Guidance

CVE-2026-25371 is a Blind SQL Injection vulnerability in the WordPress Lumise Product Designer Plugin versions prior to 2.0.9. Detection typically involves monitoring for unusual SQL query patterns or unexpected database behavior caused by injection attempts.

While specific commands are not provided in the available resources, common detection methods include using web application firewalls (WAFs) with rules to detect SQL injection payloads, analyzing web server logs for suspicious input patterns, or employing automated vulnerability scanners that test for SQL injection.

Patchstack offers an immediate mitigation rule to block attacks, which can also help in detecting exploitation attempts by logging blocked requests.

Mitigation Strategies

The primary immediate step to mitigate CVE-2026-25371 is to update the WordPress Lumise Product Designer Plugin to version 2.0.9 or later, which contains the patch for this SQL Injection vulnerability.

Until the update can be applied, Patchstack provides an immediate mitigation rule that can block attacks targeting this vulnerability.

Additionally, employing automated vulnerability management tools, including auto-updates for vulnerable plugins, can help maintain security and prevent exploitation.

Executive Summary

This vulnerability is an SQL Injection issue in the King-Theme Lumise Product Designer software. Specifically, it is a Blind SQL Injection vulnerability, which means that an attacker can inject malicious SQL commands into the software's database queries without directly seeing the results. This can allow the attacker to manipulate the database in unauthorized ways.

Impact Analysis

The Blind SQL Injection vulnerability can allow attackers to access, modify, or delete data within the Lumise Product Designer's database. This can lead to unauthorized data exposure, data corruption, or disruption of the application's normal operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25371. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart