Platform
wordpress
Component
sms-alert
Fixed in
3.8.2
CVE-2025-47682 describes a SQL Injection vulnerability discovered in Cozy Vision SMS Alert Order Notifications. This flaw allows attackers to inject malicious SQL code, potentially gaining unauthorized access to sensitive data and compromising the system. The vulnerability affects versions from 0.0.0 up to and including 3.8.1, and a patch is available in version 3.8.3.
Successful exploitation of this SQL Injection vulnerability could allow an attacker to bypass authentication mechanisms and directly query the database. This could lead to the exfiltration of sensitive data such as customer information, order details, and potentially administrative credentials. Depending on the database schema and permissions, an attacker might even be able to modify or delete data, leading to significant operational disruption. The impact is particularly severe given the potential for unauthorized access to customer data, which could result in regulatory fines and reputational damage. The ability to execute arbitrary SQL commands grants a high degree of control over the affected system, making this a critical security concern.
CVE-2025-47682 was publicly disclosed on 2025-05-12. The vulnerability's severity is classified as CRITICAL with a CVSS score of 9.3. At the time of writing, no public proof-of-concept exploits have been identified, but the ease with which SQL injection flaws are typically exploited suggests a high probability of exploitation if the plugin is left unpatched. Remediation should be prioritized.
WordPress websites utilizing the Cozy Vision SMS Alert Order Notifications plugin, particularly those running versions 0.0.0 through 3.8.1, are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/sms-alert-order-notifications/
• generic web:
curl -I "https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=sms_alert_get_orders" | grep SQLdisclosure
Exploit status
EPSS
0.24% (47th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-47682 is to immediately upgrade Cozy Vision SMS Alert Order Notifications to version 3.8.3 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with SQL Injection protection rules to filter malicious requests. Additionally, review and restrict database user permissions to minimize the potential impact of a successful attack. Input validation and parameterized queries should be implemented in any custom code interacting with the database. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection payload through the vulnerable endpoint and verifying that it is properly sanitized.
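As an added example (not from this advisory or the plugin's code base), a small POSIX shell audit that goes one step past the raw grep above: it lists `$wpdb` query calls in a plugin directory that splice a PHP variable into the SQL string without `$wpdb->prepare()`, which is exactly the pattern parameterized queries are meant to remove. The fixture it scans is constructed and the function names are my own.

```shell
# Added audit helper (not from the advisory or the plugin). Flags $wpdb query calls whose
# SQL string embeds a PHP variable without going through $wpdb->prepare(), which is where
# SQL injection in a WordPress plugin usually lives.

# Print "file:line:code" for every unprepared $wpdb query call under directory $1.
# Exit status follows grep: 0 when something was flagged, 1 when nothing was.
audit_wpdb_calls() {
  grep -rnE --include='*.php' \
    '\$wpdb->(query|get_results|get_row|get_var|get_col)[[:space:]]*\(' "$1" \
    | grep -E '"[^"]*\$[A-Za-z_]|\.[[:space:]]*\$[A-Za-z_]' \
    | grep -vE '\$wpdb->prepare[[:space:]]*\('
}

# Number of flagged lines under directory $1 (always exits 0, for use in scripts).
count_unprepared() {
  audit_wpdb_calls "$1" | wc -l | tr -d ' '
}

# Constructed fixture standing in for a plugin directory; the PHP is illustrative,
# not the real sms-alert code. Prints the temporary directory it created.
make_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/demo-plugin"
  cat > "$d/demo-plugin/orders.php" <<'EOF'
<?php
// Unsafe: request input is concatenated into the SQL text -> flagged.
$rows = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}posts WHERE ID = " . $_GET['order_id']);
// Safe: the value is bound via $wpdb->prepare() placeholders -> not flagged.
$safe = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}posts WHERE ID = %d", $_GET['order_id']));
// Static query with no variables at all -> not flagged.
$n = $wpdb->get_var("SELECT COUNT(*) FROM wp_posts");
EOF
  echo "$d"
}

fixture=$(make_fixture)
audit_wpdb_calls "$fixture"   # prints the single unsafe line from the fixture
rm -rf "$fixture"
```

Point `audit_wpdb_calls` at a real plugin directory to triage it; every flagged line still needs a human read, since a variable may be an already-sanitized integer.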
Update the SMS Alert Order Notifications plugin to a fixed version. Check the developer's website or the WordPress repository for the latest available version. As an additional security measure, consider deploying a web application firewall (WAF) to mitigate possible SQL injection attacks.
CVE-2025-47682 is a critical SQL Injection vulnerability affecting Cozy Vision SMS Alert Order Notifications, allowing attackers to inject malicious SQL code and potentially access sensitive data.
You are affected if you are using Cozy Vision SMS Alert Order Notifications versions 0.0.0 through 3.8.1. Upgrade to 3.8.3 or later to resolve the issue.
Upgrade Cozy Vision SMS Alert Order Notifications to version 3.8.3 or later. As a temporary workaround, implement a WAF with SQL Injection protection.
While no public exploits are currently known, the ease of SQL Injection exploitation suggests a high probability of exploitation if left unpatched.
Refer to the Cozy Vision website or plugin repository for the official advisory and release notes related to CVE-2025-47682.