CVE-2025-3280 – ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection

April 24, 2025

CVE ID : CVE-2025-3280

Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago

Description : The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin for WordPress is vulnerable to SQL Injection via the ‘attribute_value_filter’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3300 – “WordPress WPMasterToolKit Directory Traversal Vulnerability”

Next Article CVE-2025-3776 – WordPress TargetSMS Plugin Remote Code Execution Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Microsoft Edge may be getting a redesigned New Tab Page powered by Copilot

Best gaming laptops for playing The Elder Scrolls 4: Oblivion Remastered in 2025

Windows 3.1 is now available for the Game Boy Color… kind of

My favorite File Explorer replacement just got better

Laravel’s AsHtmlString Cast for Elegant HTML Attribute Management

Laravel’s AsHtmlString Cast for Elegant HTML Attribute Management

Safely Retry API calls in Laravel

As an SEO beginner, how can I get traffic for the website I’ve created?

COSMIC Desktop Alpha 7 Brings More New Features

COSMIC Desktop Alpha 7 Brings More New Features

Microsoft Edge may be getting a redesigned New Tab Page powered by Copilot

Best gaming laptops for playing The Elder Scrolls 4: Oblivion Remastered in 2025

CVE-2025-3280 – ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

DslogdRAT Malware Deployed in Ivanti Connect Secure Zero-Day Campaign

5G to hit 5.6 billion subscribers in 2029, but 4G will remain dominant in three regions

You can score 10% off a new Apple product if you recycle an old device – for a limited time

What is EQ and why is it an important factor in improving sound?

Microsoft Researchers Introduce Magentic-One: A Modular Multi-Agent System Focused on Enhancing AI Adaptability and Task Completion Across Benchmark Tests

Hyperlight, la libreria Rust open-source creata da Microsoft, permette esecuzioni di micro-VM da 0.0009 secondi

nap – code snippets in your terminal

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries

Dino Crisis 1 and Dino Crisis 2 have been re-released right now on PC, DRM-free, as part of GOG’s ongoing efforts to preserve games of the past

CVE-2025-3280 – ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection

Related Posts