WordPress Woodly Core प्लगइन <= 1.4 - SQL Injection भेद्यता

The SQL Injection vulnerability in Woodly Core allows an attacker to bypass security measures and directly interact with the underlying database. Successful exploitation can lead to unauthorized access to sensitive information, including user credentials, configuration details, and potentially even the entire database contents. Because the injection is 'blind,' the attacker doesn't receive direct responses from the database, but can infer information through timing or other indirect methods, making detection more challenging. This could lead to complete compromise of a WordPress site and its associated data.

WordPress sites utilizing the Woodly Core plugin, particularly those running older versions (0.0.0 - 1.4), are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others.

• wordpress / composer / npm:

grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/woodly-core/

• generic web:

curl -I https://your-wordpress-site.com/wp-content/plugins/woodly-core/ | grep SQL

• wordpress / composer / npm:

wp plugin list --status=inactive | grep woodly-core

1. 2026-02-20Disclosure

   disclosure

1. आरक्षित2025-12-31
2. प्रकाशित2026-02-20
3. संशोधित2026-04-28
4. EPSS अद्यतन2026-03-23

The primary mitigation for CVE-2025-69310 is to upgrade to a patched version of the Woodly Core plugin as soon as it becomes available. Until a patch is released, consider implementing a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL Injection attempts targeting the plugin's endpoints. Carefully review and sanitize all user inputs to the plugin to prevent malicious SQL code from being injected. Regularly monitor database logs for suspicious activity and unusual query patterns.