CVE-2025-48122 – Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light SQL Injection Vulnerability

June 9, 2025

CVE ID : CVE-2025-48122

Published : June 9, 2025, 4:15 p.m. | 5 hours, 14 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows SQL Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48123 – Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light Code Injection Vulnerability

Next Article CVE-2025-47651 – Infility Global SQL Injection

Highlights

CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

May 8, 2025

CVE ID : CVE-2025-2806

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-48122 – Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light SQL Injection Vulnerability

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

Xbox’s canceled Perfect Dark reboot was reportedly almost revived by Take-Two — but the deal fell through, and developer Crystal Dynamics was hit with layoffs

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

Lexie Hull Mrs Steal Yo Job SHirt

CVE-2025-3981 – “Wowjoy Internet Doctor Workstation System Remote Unauthorized Access Vulnerability”

CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

CVE-2025-4326 – MRCMS Cross-Site Scripting Vulnerability

CVE-2025-4342 – D-Link DIR-600L Remote Buffer Overflow Vulnerability

One of last year’s best games is getting a sequel, and I can’t believe it’s coming out this soon

CVE-2025-48122 – Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light SQL Injection Vulnerability

Related Posts