WordPress MailerLite – WooCommerce integration plugin <= 3.1.2 - SQL Injection vulnerability
Platform: wordpress
Component: woo-mailerlite
Fixed in: 3.1.3
CVE-2025-67945 describes a SQL Injection vulnerability discovered in the MailerLite – WooCommerce integration plugin for WordPress. This flaw allows attackers to inject malicious SQL code, potentially compromising sensitive data stored within the WooCommerce database. The vulnerability impacts versions from 0.0.0 up to and including 3.1.2. A patch has been released in version 3.1.3.
Impact and attack scenarios
Successful exploitation of this SQL Injection vulnerability could grant an attacker unauthorized access to the WooCommerce database. This could lead to the exfiltration of sensitive customer data, including personal information, order details, and payment information. Furthermore, an attacker could potentially modify or delete data, disrupt WooCommerce operations, or even gain control of the entire WordPress site. The impact is particularly severe given the prevalence of WooCommerce and the sensitivity of the data it handles. While no specific real-world exploitation has been publicly reported, the severity of SQL Injection vulnerabilities generally makes them high-priority targets.
Exploitation context
CVE-2025-67945 is not currently listed on the CISA KEV catalog. The EPSS score is likely to be medium to high, given the CRITICAL CVSS score and the potential for significant data compromise. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature makes it a likely target for exploitation. The vulnerability was publicly disclosed on 2026-01-22.
Who is at risk
Websites utilizing the MailerLite – WooCommerce integration plugin, particularly those running older versions (0.0.0–3.1.2), are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise on one site could potentially impact others. Sites with weak database user permissions also face increased risk.
Detection steps
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/woo-mailerlite/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/woo-mailerlite/ | grep SQL
• wordpress / composer / npm:
wp plugin list --status=active | grep woo-mailerlite
Attack timeline
- Disclosure
Threat intelligence
Exploit status
EPSS
0.05% (16th percentile)
CISA SSVC
CVSS vector
- Attack Vector
- Network: remotely exploitable over the internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions. Reliably exploitable.
- Privileges Required
- None: exploitable without authentication.
- User Interaction
- None: automated and silent attack. The victim does nothing.
- Scope
- Changed: the attack can spread beyond the vulnerable component to other systems.
- Confidentiality
- High: complete loss of confidentiality. The attacker can read all data.
- Integrity
- None: no impact on integrity.
- Availability
- Low: partial or intermittent denial of service.
Affected software
Package information
- Active installations: 30K known
- Plugin rating: 2.9
- WordPress required: 3.0.1+
- Compatible up to: 6.8.5
- PHP required: 7.2.5+
Weakness classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigations and workarounds
The primary mitigation for CVE-2025-67945 is to immediately upgrade the MailerLite – WooCommerce integration plugin to version 3.1.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious SQL injection attempts targeting the vulnerable endpoints. Specifically, look for patterns associated with SQL injection payloads in incoming requests. Additionally, review and restrict database user permissions to limit the potential damage from a successful attack. After upgrading, confirm the fix by attempting a SQL injection attack on the vulnerable endpoint and verifying that it is properly blocked.
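A version check that serves both the detection steps above and the post-upgrade confirmation in the mitigation paragraph, added here as an example and not part of the advisory or the plugin's own code: it reads the plugin's standard WordPress "Version:" header and reports whether the install is still below the 3.1.3 fix. The plugin main-file path is a placeholder, and the sample header at the bottom is constructed for an offline run.

```shell
#!/bin/sh
# Added example, not from the advisory or the plugin project: flags an installed
# woo-mailerlite plugin whose version is below the fixed release 3.1.3 (affected
# range 0.0.0 through 3.1.2). The real plugin path is a placeholder to adapt.

FIXED_VERSION="3.1.3"

# Print the value of the "Version:" header from a plugin's main PHP file.
plugin_version() {
    sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*\([0-9.]*\).*/\1/p' "$1" | head -n 1
}

# True (exit 0) if version $1 is lower than $2, comparing numeric components so
# that 3.10.0 correctly sorts above 3.1.3 (a plain string compare would not).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi < yi) exit 0; if (xi > yi) exit 1;
        }
        exit 1;
    }'
}

# Classify one plugin main file as VULNERABLE, PATCHED or UNKNOWN.
check_plugin() {
    v="$(plugin_version "$1")"
    if [ -z "$v" ]; then
        echo "UNKNOWN (no Version header)"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE ($v < $FIXED_VERSION)"
    else
        echo "PATCHED ($v)"
    fi
}

# Constructed sample header standing in for wp-content/plugins/woo-mailerlite/<main-file>.php (placeholder).
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
<?php
/**
 * Plugin Name: MailerLite - WooCommerce integration
 * Version: 3.1.2
 */
EOF
check_plugin "$SAMPLE"
rm -f "$SAMPLE"
```

On a live site, point check_plugin at the plugin's main file under wp-content/plugins/woo-mailerlite/ after upgrading; a PATCHED result confirms the fixed version is installed without sending any test payloads.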
How to fix
Update to version 3.1.3, or a newer patched version
Frequently asked questions
What is CVE-2025-67945 — SQL Injection in MailerLite WooCommerce?
CVE-2025-67945 is a critical SQL Injection vulnerability affecting the MailerLite – WooCommerce integration plugin for WordPress, allowing attackers to inject malicious SQL code.
Am I affected by CVE-2025-67945 in MailerLite WooCommerce?
You are affected if you are using MailerLite – WooCommerce integration versions 0.0.0 through 3.1.2. Upgrade to 3.1.3 or later to mitigate the risk.
How do I fix CVE-2025-67945 in MailerLite WooCommerce?
Upgrade the MailerLite – WooCommerce integration plugin to version 3.1.3 or later. Consider a WAF as a temporary workaround if upgrading is not immediately possible.
Is CVE-2025-67945 being actively exploited?
While no confirmed active exploitation has been publicly reported, the vulnerability's severity makes it a likely target for attackers.
Where can I find the official MailerLite advisory for CVE-2025-67945?
Refer to the official MailerLite security advisory for details and updates regarding CVE-2025-67945.