Platform: wordpress
Component: woo-mailerlite
Fixed in: 3.1.3
CVE-2025-67945 describes a SQL Injection vulnerability discovered in the MailerLite – WooCommerce integration plugin for WordPress. This flaw allows attackers to inject malicious SQL code, potentially compromising sensitive data stored within the WooCommerce database. The vulnerability impacts versions from 0.0.0 up to and including 3.1.2. A patch has been released in version 3.1.3.
Successful exploitation of this SQL Injection vulnerability could grant an attacker unauthorized access to the WooCommerce database. This could lead to the exfiltration of sensitive customer data, including personal information, order details, and payment information. Furthermore, an attacker could potentially modify or delete data, disrupt WooCommerce operations, or even gain control of the entire WordPress site. The impact is particularly severe given the prevalence of WooCommerce and the sensitivity of the data it handles. While no specific real-world exploitation has been publicly reported, the severity of SQL Injection vulnerabilities generally makes them high-priority targets.
CVE-2025-67945 is not currently listed on the CISA KEV catalog. The EPSS score is likely to be medium to high, given the CRITICAL CVSS score and the potential for significant data compromise. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature makes it a likely target for exploitation. The vulnerability was publicly disclosed on 2026-01-22.
Exploit Status
EPSS: 0.05% (16th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-67945 is to immediately upgrade the MailerLite – WooCommerce integration plugin to version 3.1.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious SQL injection attempts targeting the vulnerable endpoints. Specifically, look for patterns associated with SQL injection payloads in incoming requests. Additionally, review and restrict database user permissions to limit the potential damage from a successful attack. After upgrading, confirm the fix by attempting a SQL injection attack on the vulnerable endpoint and verifying that it is properly blocked.
Update to version 3.1.3, or a newer patched version
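A version check for the affected range stated above (0.0.0 through 3.1.2, fixed in 3.1.3), written for this page as an added example that is not part of the advisory or of the plugin itself: a POSIX shell function that compares dotted versions component by component, with an optional lookup of the installed version through WP-CLI (assumed: WP-CLI is installed and the script is run from the WordPress root; the plugin slug `woo-mailerlite` is the component name given above).

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin). Fixed version from the advisory:
# 3.1.3; everything below it (0.0.0 through 3.1.2) is in the affected range.
FIXED_VERSION="3.1.3"

# version_lt A B: succeed when dotted version A is older than B. Components are compared
# numerically, so 3.1.10 is newer than 3.1.3 (a plain string compare gets that wrong),
# missing components count as 0, and a suffix such as "-rc1" is ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}    # keep leading digits only
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# woo_mailerlite_vulnerable VERSION: succeed when VERSION falls in the affected range.
woo_mailerlite_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed: read the installed plugin version with WP-CLI (assumed available and
# run from the WordPress root) and report. Exit status: 0 patched, 1 affected, 2 unknown.
check_installed() {
    v=$(wp plugin get woo-mailerlite --field=version 2>/dev/null) || {
        echo "woo-mailerlite not installed or WP-CLI unavailable"; return 2; }
    if woo_mailerlite_vulnerable "$v"; then
        echo "woo-mailerlite $v is affected by CVE-2025-67945; update to $FIXED_VERSION or later"
        return 1
    fi
    echo "woo-mailerlite $v is not affected (fixed in $FIXED_VERSION)"
}

# Run the live check only when invoked as: sh check.sh --check
case "${1:-}" in --check) check_installed ;; esac
```

The exit status of `check_installed` makes the script usable from a cron job or a configuration-management run, so an affected install is flagged rather than only printed.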
CVE-2025-67945 is a critical SQL Injection vulnerability affecting the MailerLite – WooCommerce integration plugin for WordPress, allowing attackers to inject malicious SQL code.
You are affected if you are using MailerLite – WooCommerce integration versions 0.0.0 through 3.1.2. Upgrade to 3.1.3 or later to mitigate the risk.
Upgrade the MailerLite – WooCommerce integration plugin to version 3.1.3 or later. Consider a WAF as a temporary workaround if upgrading is not immediately possible.
While no confirmed active exploitation has been publicly reported, the vulnerability's severity makes it a likely target for attackers.
Refer to the official MailerLite security advisory for details and updates regarding CVE-2025-67945.