CVE-2025-3280 – ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection

April 24, 2025

CVE ID : CVE-2025-3280

Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago

Description : The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin for WordPress is vulnerable to SQL Injection via the ‘attribute_value_filter’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3300 – “WordPress WPMasterToolKit Directory Traversal Vulnerability”

Next Article CVE-2025-3776 – WordPress TargetSMS Plugin Remote Code Execution Vulnerability

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2025-3280 – ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

PSA: A 1TB microSD Express card has entered the market — I hope future handheld gaming PCs are compatible with this speedy storage option

This “smart coach” helps LLMs switch between text and code

Warhammer 40,000: Darktide unleashes a violent gameplay reveal for the new upcoming Arbites Class

Metal Gear Solid Delta: Snake Eater — How to pre-order, release dates, story, gameplay, and everything else you need to know

Get a free Amazon gift card up to $300 when you preorder a new Google Pixel 10 phone – here’s how

Rilasciata Deepin 25: La distribuzione GNU/Linux immutabile con assistente vocale e pacchetti universali

Microsoft fixes Surface Hub boot issues with emergency update

1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub

CVE-2025-3280 – ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection

Related Posts