Platform
wordpress
Component
woodly-core
Fixed in
1.4.1
CVE-2025-69310 describes a critical SQL Injection vulnerability discovered in the Woodly Core WordPress plugin. This flaw allows attackers to potentially extract sensitive data from the database through blind SQL injection techniques. The vulnerability affects versions from 0.0.0 up to and including 1.4. A patch is expected to be released by the vendor.
The SQL Injection vulnerability in Woodly Core allows an attacker to bypass security measures and directly interact with the underlying database. Successful exploitation can lead to unauthorized access to sensitive information, including user credentials, configuration details, and potentially even the entire database contents. Because the injection is 'blind,' the attacker doesn't receive direct responses from the database, but can infer information through timing or other indirect methods, making detection more challenging. This could lead to complete compromise of a WordPress site and its associated data.
The vulnerability was publicly disclosed on 2026-02-20. Currently, there are no known public exploits or active campaigns targeting this specific vulnerability. It is not listed on the CISA KEV catalog at this time. The blind SQL injection nature of the vulnerability may make it more difficult to detect and exploit compared to traditional SQL injection flaws.
WordPress sites utilizing the Woodly Core plugin, particularly those running older versions (0.0.0 - 1.4), are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/woodly-core/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/woodly-core/ | grep SQL
• wordpress / composer / npm:
wp plugin list --status=inactive | grep woodly-core
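A version check against the range stated on this page (affected up to and including 1.4, fixed in 1.4.1), as an added example that is not part of the original page or the vendor's tooling. It assumes the plugin lives under wp-content/plugins/woodly-core and carries a standard WordPress "Version:" header in a top-level PHP file; the function names are illustrative.

```shell
#!/bin/sh
# Added example: flag Woodly Core installs below the fixed version on this page.
# Assumes a sort(1) that supports -V (GNU coreutils, BusyBox).
FIXED_VERSION="1.4.1"   # "Fixed in" value from this page

# Print the Version: value from the plugin header of a top-level PHP file.
plugin_header_version() {
    for phv_file in "$1"/*.php; do
        [ -f "$phv_file" ] || continue
        phv_ver=$(head -n 60 "$phv_file" |
            sed -n 's|^[[:space:]*#]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*|\1|p' |
            head -n 1)
        if [ -n "$phv_ver" ]; then printf '%s\n' "$phv_ver"; return 0; fi
    done
    return 1
}

# Succeed when $1 sorts strictly before $2 in version order (1.4 < 1.4.1 < 1.10).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "AFFECTED|OK|UNKNOWN [version] dir" for one plugin directory.
classify_install() {
    if ! ci_ver=$(plugin_header_version "$1"); then
        echo "UNKNOWN $1"; return 2
    fi
    if version_lt "$ci_ver" "$FIXED_VERSION"; then
        echo "AFFECTED $ci_ver $1"; return 1
    fi
    echo "OK $ci_ver $1"
}

# Scan one or more web roots (a shared host may hold several sites).
# Returns non-zero if any install is AFFECTED or could not be read.
scan_roots() {
    sr_out=$(for sr_root in "$@"; do
        find "$sr_root" -type d -path '*/wp-content/plugins/woodly-core' 2>/dev/null |
            while IFS= read -r sr_dir; do classify_install "$sr_dir" || true; done
    done)
    if [ -n "$sr_out" ]; then printf '%s\n' "$sr_out"; fi
    ! printf '%s\n' "$sr_out" | grep -Eq '^(AFFECTED|UNKNOWN) '
}

# Usage: sh check-woodly.sh /var/www/html [more roots...]
if [ "$#" -gt 0 ]; then scan_roots "$@"; fi
```

The non-zero exit status on any AFFECTED or UNKNOWN install lets the script gate a cron job or deployment check.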
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-69310 is to upgrade to a patched version of the Woodly Core plugin as soon as it becomes available. Until a patch is released, consider implementing a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL Injection attempts targeting the plugin's endpoints. Carefully review and sanitize all user inputs to the plugin to prevent malicious SQL code from being injected. Regularly monitor database logs for suspicious activity and unusual query patterns.
No known patch available. Please review the details of the vulnerability and implement protective measures based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-69310 is a critical SQL Injection vulnerability affecting versions 0.0.0 through 1.4 of the Woodly Core WordPress plugin, allowing attackers to extract data via blind SQL injection.
If your WordPress site uses the Woodly Core plugin and is running version 0.0.0 to 1.4, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of the Woodly Core plugin. Until a patch is released, implement WAF rules and sanitize user inputs.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Please refer to the Woodly Core plugin's official website or WordPress plugin repository for the latest advisory and patch information.