Platform
wordpress
Component
woodly-core
Fixed in
1.4.1
CVE-2025-69310 describes a critical SQL Injection vulnerability discovered in the Woodly Core WordPress plugin. This flaw allows attackers to potentially extract sensitive data from the database through blind SQL injection techniques. The vulnerability affects versions from 0.0.0 up to and including 1.4. A patch is expected to be released by the vendor.
The SQL Injection vulnerability in Woodly Core allows an attacker to bypass security measures and directly interact with the underlying database. Successful exploitation can lead to unauthorized access to sensitive information, including user credentials, configuration details, and potentially even the entire database contents. Because the injection is 'blind,' the attacker doesn't receive direct responses from the database, but can infer information through timing or other indirect methods, making detection more challenging. This could lead to complete compromise of a WordPress site and its associated data.
The vulnerability was publicly disclosed on 2026-02-20. Currently, there are no known public exploits or active campaigns targeting this specific vulnerability. It is not listed on the CISA KEV catalog at this time. The blind SQL injection nature of the vulnerability may make it more difficult to detect and exploit compared to traditional SQL injection flaws.
WordPress sites utilizing the Woodly Core plugin, particularly those running older versions (0.0.0 - 1.4), are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/woodly-core/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/woodly-core/ | grep SQL
• wordpress / composer / npm:
wp plugin list --status=inactive | grep woodly-core
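A version check against the affected range stated above (0.0.0 through 1.4), useful on shared hosts with many sites under one root. This is an added example, not part of the original advisory or the plugin's code; it assumes the plugin is installed under wp-content/plugins/woodly-core and that its main PHP file carries the standard WordPress "Plugin Name:" / "Version:" header. The function names and output labels are made up for this example.

```shell
#!/bin/sh
# Report every woodly-core install under a directory tree and whether its
# version falls in the affected range given on this page (<= 1.4).
LAST_AFFECTED="1.4"   # "up to and including 1.4", from the advisory text

# version_le A B: succeed when dotted version A <= B, comparing each
# component numerically (so 1.10 > 1.4, and 1.4.0 == 1.4).
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 0
  }'
}

# plugin_version DIR: print the Version header of the plugin's main file,
# i.e. the top-level PHP file whose leading comment has "Plugin Name:".
# Only the first 40 lines are read (assumption: the header sits at the top).
plugin_version() {
  for f in "$1"/*.php; do
    [ -f "$f" ] || continue
    head -n 40 "$f" | grep -qi 'Plugin Name:' || continue
    head -n 40 "$f" |
      sed -n 's|^[[:space:]*/#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*|\1|p' |
      head -n 1
    return 0
  done
  return 1
}

# classify VERSION: AFFECTED, NOT_IN_RANGE, or UNKNOWN when no version was read.
classify() {
  [ -n "$1" ] || { echo UNKNOWN; return; }
  if version_le "$1" "$LAST_AFFECTED"; then echo AFFECTED; else echo NOT_IN_RANGE; fi
}

# scan_root ROOT: one tab-separated line per install: status, version, path.
scan_root() {
  find "$1" -type d -path '*/wp-content/plugins/woodly-core' 2>/dev/null |
  while IFS= read -r dir; do
    v=$(plugin_version "$dir") || v=""
    printf '%s\t%s\t%s\n' "$(classify "$v")" "${v:-?}" "$dir"
  done
}

if [ "$#" -gt 0 ]; then scan_root "$1"; fi
```

Run it with the hosting root as the only argument, for example `sh check-woodly.sh /var/www`; an UNKNOWN line means the directory exists but no version header could be read and should be inspected by hand.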
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-69310 is to upgrade to a patched version of the Woodly Core plugin as soon as it becomes available. Until a patch is released, consider implementing a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL Injection attempts targeting the plugin's endpoints. Carefully review and sanitize all user inputs to the plugin to prevent malicious SQL code from being injected. Regularly monitor database logs for suspicious activity and unusual query patterns.
No known patch is available. Please review the vulnerability details in depth and take mitigation measures based on your organization's risk tolerance. Uninstalling the affected software and finding a replacement may be the best option.
CVE-2025-69310 is a critical SQL Injection vulnerability affecting versions 0.0.0 through 1.4 of the Woodly Core WordPress plugin, allowing attackers to extract data via blind SQL injection.
If your WordPress site uses the Woodly Core plugin and is running version 0.0.0 to 1.4, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of the Woodly Core plugin. Until a patch is released, implement WAF rules and sanitize user inputs.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Please refer to the Woodly Core plugin's official website or WordPress plugin repository for the latest advisory and patch information.