WordPress Wolmart Core प्लगइन <= 1.9.6 - SQL Injection भेद्यता
प्लेटफ़ॉर्म
wordpress
घटक
wolmart-core
में ठीक किया गया
1.9.7
CVE-2025-69337 describes a critical SQL Injection vulnerability discovered in the Wolmart Core WordPress plugin. This flaw allows attackers to perform blind SQL injection, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions from 0.0.0 through 1.9.6, and a patch is available in version 1.9.7.
इस CVE को अपने प्रोजेक्ट में पहचानें
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।
प्रभाव और हमले की स्थितियाँअनुवाद हो रहा है…
The SQL Injection vulnerability in Wolmart Core allows an attacker to bypass security measures and directly interact with the underlying database. Because it's a blind SQL injection, the attacker doesn't receive immediate feedback from the database server, requiring them to infer data through techniques like timing attacks or boolean-based queries. Successful exploitation could lead to the extraction of sensitive user data, including usernames, passwords, email addresses, and order details. Furthermore, an attacker could potentially modify database records, leading to data corruption or unauthorized changes to the website's functionality. The impact is particularly severe given the plugin's likely use in e-commerce sites, where sensitive financial information is often stored.
शोषण संदर्भअनुवाद हो रहा है…
CVE-2025-69337 was published on 2026-02-20. The vulnerability is considered critical due to the potential for data exfiltration and modification. No public proof-of-concept (PoC) code has been released at the time of writing, but the nature of blind SQL injection makes it likely that such a PoC will emerge. It is not currently listed on the CISA KEV catalog.
कौन जोखिम में हैअनुवाद हो रहा है…
Websites using the Wolmart Core plugin, particularly those running e-commerce stores, are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially lead to the compromise of others. Sites using older, unpatched versions of the plugin are most susceptible.
पहचान के चरणअनुवाद हो रहा है…
• wordpress / composer / npm:
grep -r "SELECT * FROM wp_" /var/www/html/wp-content/plugins/wolmart-core/• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/wolmart-core/ | grep SQL• wordpress / composer / npm:
wp plugin list | grep wolmart-coreहमले की समयरेखा
- Disclosure
disclosure
खतरा खुफिया
एक्सप्लॉइट स्थिति
EPSS
0.04% (12% शतमक)
CISA SSVC
CVSS वेक्टर
इन मेट्रिक्स का क्या मतलब है?
- Attack Vector
- नेटवर्क — इंटरनेट के माध्यम से दूरस्थ रूप से शोषण योग्य। कोई भौतिक या स्थानीय पहुंच आवश्यक नहीं।
- Attack Complexity
- निम्न — कोई विशेष शर्त नहीं। विश्वसनीय रूप से शोषण योग्य।
- Privileges Required
- कोई नहीं — बिना प्रमाणीकरण के शोषण योग्य।
- User Interaction
- कोई नहीं — स्वचालित और मूक हमला। पीड़ित कुछ नहीं करता।
- Scope
- बदला हुआ — हमला कमज़ोर घटक से परे अन्य प्रणालियों तक फैल सकता है।
- Confidentiality
- उच्च — पूर्ण गोपनीयता हानि। हमलावर सभी डेटा पढ़ सकता है।
- Integrity
- कोई नहीं — अखंडता पर कोई प्रभाव नहीं।
- Availability
- निम्न — आंशिक या रुक-रुक कर सेवा से इनकार।
प्रभावित सॉफ्टवेयर
कमजोरी वर्गीकरण (CWE)
समयरेखा
- आरक्षित
- प्रकाशित
- संशोधित
- EPSS अद्यतन
शमन और वर्कअराउंडअनुवाद हो रहा है…
The primary mitigation for CVE-2025-69337 is to immediately upgrade the Wolmart Core plugin to version 1.9.7 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin to prevent exploitation. While a direct WAF rule is difficult to implement for blind SQL injection, implementing a WAF with generic SQL injection detection rules can provide a layer of defense. Regularly review database access logs for suspicious activity, specifically looking for unusual query patterns or attempts to access sensitive tables. Implement strong database user permissions, limiting the plugin's access to only the necessary data.
कैसे ठीक करें
संस्करण 1.9.7 में अपडेट करें, या एक नया पैच किया गया संस्करण
CVE सुरक्षा न्यूज़लेटर
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
अक्सर पूछे जाने वाले सवालअनुवाद हो रहा है…
What is CVE-2025-69337 — SQL Injection in Wolmart Core WordPress Plugin?
CVE-2025-69337 is a critical SQL Injection vulnerability affecting Wolmart Core WordPress plugin versions 0.0.0–1.9.6, allowing attackers to potentially extract data from the database.
Am I affected by CVE-2025-69337 in Wolmart Core WordPress Plugin?
If you are using Wolmart Core WordPress plugin versions 0.0.0 through 1.9.6, you are vulnerable to this SQL Injection flaw.
How do I fix CVE-2025-69337 in Wolmart Core WordPress Plugin?
Upgrade the Wolmart Core plugin to version 1.9.7 or later to resolve this vulnerability. If immediate upgrade is not possible, temporarily disable the plugin.
Is CVE-2025-69337 being actively exploited?
While no active exploitation has been confirmed, the nature of blind SQL injection suggests potential for exploitation, and monitoring is recommended.
Where can I find the official Wolmart Core advisory for CVE-2025-69337?
Refer to the official Wolmart Core plugin website or the don-themes support channels for the latest advisory and updates regarding CVE-2025-69337.
क्या आपका प्रोजेक्ट प्रभावित है?
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।