Plateforme
wordpress
Composant
neon-product-designer-for-woocommerce
Corrigé dans
2.2.1
CVE-2025-32565 identifies a SQL Injection vulnerability within the Neon Product Designer for WooCommerce plugin. This flaw allows attackers to inject malicious SQL code, potentially compromising sensitive data and system integrity. The vulnerability impacts versions from 0.0.0 through 2.2.0. A patch is available in version 2.1.2.
Successful exploitation of this SQL Injection vulnerability could grant an attacker unauthorized access to the WooCommerce database. This could lead to the exfiltration of sensitive customer data, including usernames, passwords, addresses, and payment information. Furthermore, an attacker could potentially modify product data, disrupt order processing, or even gain control of the entire WordPress site. The impact is particularly severe given the plugin's role in customizing product design, often involving user-supplied data that is directly incorporated into database queries without proper sanitization. This vulnerability shares similarities with other SQL Injection flaws where attackers leverage unsanitized user input to manipulate database queries.
CVE-2025-32565 was publicly disclosed on 2025-04-11. The vulnerability's severity is considered CRITICAL due to the potential for widespread data compromise. As of this writing, there are no publicly available proof-of-concept exploits, but the ease of SQL Injection exploitation suggests a high probability of exploitation if left unpatched. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Websites utilizing the Neon Product Designer for WooCommerce plugin, particularly those running older versions (0.0.0–2.2.0), are at significant risk. Shared hosting environments where multiple WordPress sites share the same database are especially vulnerable, as a compromise of one site could potentially impact others. Sites with custom product design configurations relying heavily on user-supplied data are also at increased risk.
• wordpress / composer / npm:
grep -r "neon-product-designer-for-woocommerce" /var/www/html/wp-content/plugins/
wp plugin list | grep neon-product-designer-for-woocommerce• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/neon-product-designer-for-woocommerce/ | grep -i 'SQL Injection'disclosure
Statut de l'Exploit
EPSS
0.23% (percentile 46%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2025-32565 is to immediately upgrade the Neon Product Designer for WooCommerce plugin to version 2.1.2 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious SQL injection attempts targeting the plugin's endpoints. Additionally, review and harden database user permissions to limit the impact of a successful attack. Regularly scan the WordPress installation for vulnerabilities using a reputable security plugin.
Actualice el plugin Neon Product Designer for WooCommerce a la última versión disponible para solucionar la vulnerabilidad de inyección SQL. Verifique la página del plugin en WordPress.org para obtener la versión más reciente y las instrucciones de actualización. Realice una copia de seguridad completa de su sitio web antes de realizar cualquier actualización.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-32565 is a critical SQL Injection vulnerability affecting Neon Product Designer for WooCommerce versions 0.0.0–2.2.0, allowing attackers to inject malicious SQL code.
If you are using Neon Product Designer for WooCommerce versions 0.0.0 through 2.2.0, you are affected by this vulnerability and should upgrade immediately.
Upgrade Neon Product Designer for WooCommerce to version 2.1.2 or later to resolve the SQL Injection vulnerability. Consider WAF rules as an interim measure.
While no public exploits are currently available, the ease of SQL Injection exploitation suggests a high probability of exploitation if left unpatched.
Refer to the official Neon Product Designer website or WordPress plugin repository for the latest advisory and update information.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.