Platform: wordpress
Component: woodly-core
Fixed in: 1.4.1
CVE-2025-69310 describes a critical SQL Injection vulnerability discovered in the Woodly Core WordPress plugin. This flaw allows attackers to potentially extract sensitive data from the database through blind SQL injection techniques. The vulnerability affects versions from 0.0.0 up to and including 1.4. A patch is expected to be released by the vendor.
The SQL Injection vulnerability in Woodly Core allows an attacker to bypass security measures and directly interact with the underlying database. Successful exploitation can lead to unauthorized access to sensitive information, including user credentials, configuration details, and potentially even the entire database contents. Because the injection is 'blind', query results are not returned directly to the attacker, who must instead infer information through timing or other indirect methods. This makes detection more challenging. Exploitation could lead to complete compromise of a WordPress site and its associated data.
The vulnerability was publicly disclosed on 2026-02-20. Currently, there are no known public exploits or active campaigns targeting this specific vulnerability. It is not listed on the CISA KEV catalog at this time. The blind SQL injection nature of the vulnerability may make it more difficult to detect and exploit compared to traditional SQL injection flaws.
EPSS: 0.04% (12% percentile)
The primary mitigation for CVE-2025-69310 is to upgrade to a patched version of the Woodly Core plugin as soon as it becomes available. Until a patch is released, consider implementing a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL Injection attempts targeting the plugin's endpoints. Carefully review and sanitize all user inputs to the plugin to prevent malicious SQL code from being injected. Regularly monitor database logs for suspicious activity and unusual query patterns.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-69310 is a critical SQL Injection vulnerability affecting versions 0.0.0 through 1.4 of the Woodly Core WordPress plugin, allowing attackers to extract data via blind SQL injection.
If your WordPress site uses the Woodly Core plugin and is running version 0.0.0 to 1.4, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
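One way to check a host for affected installs, as an added example that is not code from this advisory or from the plugin. It assumes the default `wp-content/plugins` layout and that the plugin directory is named after the component slug `woodly-core`; the sample tree in the demo is constructed.

```python
import re
from pathlib import Path

PLUGIN_SLUG = "woodly-core"  # component name from this advisory (assumed directory name)
LAST_AFFECTED = (1, 4)       # advisory: affected up to and including 1.4

# WordPress reads plugin metadata from a comment header in a top-level PHP file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """Turn '1.4.1' into (1, 4, 1); a suffix such as '-beta' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(n) for n in m.group().split(".")) if m else ()

def is_affected(version):
    """True if the version is in the advisory's range, i.e. <= 1.4."""
    v = parse_version(version)
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))  # so 1.4 == 1.4.0 and 1.4.1 > 1.4
    return bool(v) and pad(v) <= pad(LAST_AFFECTED)

def installed_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if not found."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        if NAME_RE.search(head):
            m = VERSION_RE.search(head)
            return m.group(1) if m else None
    return None

def scan(root):
    """Map each copy of the plugin under root to (version, affected or None if unknown)."""
    found = {}
    for d in sorted(Path(root).rglob(f"wp-content/plugins/{PLUGIN_SLUG}")):
        if d.is_dir():
            ver = installed_version(d)
            found[str(d)] = (ver, is_affected(ver) if ver else None)
    return found

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree, not real data
        p = Path(tmp, "site-a/wp-content/plugins", PLUGIN_SLUG)
        p.mkdir(parents=True)
        (p / "main.php").write_text("<?php\n/*\n * Plugin Name: Sample\n * Version: 1.4\n */\n")
        print(scan(tmp))
```

Point `scan()` at the directory that holds your web roots. A result of `None` for the affected flag means the version header could not be read and the install needs a manual check.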
The recommended fix is to upgrade to a patched version of the Woodly Core plugin. Until a patch is released, implement WAF rules and sanitize user inputs.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Please refer to the Woodly Core plugin's official website or WordPress plugin repository for the latest advisory and patch information.