Platform
wordpress
Component
woo-producttables-pro
Fixed version
2.2.7
CVE-2025-31059 is a SQL injection vulnerability in the WBW Product Table PRO WordPress plugin (plugin directory woo-producttables-pro). The flaw lets an attacker inject arbitrary SQL into a query the plugin builds, which can expose data stored in the site's database. All releases from 0 through 2.2.6 are affected; version 2.2.7 contains the fix.
A successful injection lets the attacker run queries of their choosing against the WordPress database with the privileges of the site's database user. On a WooCommerce store that typically means reading customer PII, order history and whatever payment details the store retains, together with the wp_users table (password hashes) and wp_options. If the database user also has write access, data can be modified or deleted and site functionality disrupted; with elevated MySQL privileges (for example FILE) the attacker may be able to reach the database host itself. Any other application that shares the same database or database account is inside the blast radius.
CVE-2025-31059 was publicly disclosed on 2025-06-09. Severity is rated high because an injectable query can expose the entire database. No public proof-of-concept (PoC) had been identified at the time of writing, but SQL injection is easy to exploit once the injectable parameter is known, so a PoC is likely to appear. The vulnerability is not listed in the CISA KEV catalog, and its EPSS score (0.06%, 18th percentile) reflects that no exploitation has been observed so far.
Any site running WBW Product Table PRO is exposed; the stakes are highest for stores that handle customer or payment data or operate in regulated industries. Shared-hosting and multi-site setups deserve extra attention: if several sites use one MySQL account, or that account holds grants across databases, a compromise of one site reaches the others.
• wordpress / composer / npm: grep -r "woobew/wbw-product-tables-pro" ./
• wordpress / composer / npm: wp plugin list | grep woobew
• wordpress / composer / npm: wp plugin update --all
• generic web: Check for unusual database activity in WordPress error logs, specifically related to SQL queries.
The grep finds the Composer package name in composer.json / composer.lock when the plugin is managed through Composer. Note that wp plugin list prints the plugin directory name, which this page lists as woo-producttables-pro, so if grep woobew returns nothing, also try wp plugin list | grep producttables before concluding the plugin is absent. wp plugin update --all updates every installed plugin; to update only this one, pass its directory name to wp plugin update instead.
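The commands above show where to look; the following script, an added example written for this page and not the plugin vendor's code, performs the same check offline: it reads the Version field from the plugin's main-file header (the field WordPress itself displays) or the plugin's entry in composer.lock, and compares versions numerically so that a release such as 2.2.10 is not mistaken for a vulnerable one. The package name woobew/wbw-product-tables-pro and the directory woo-producttables-pro are taken from this page; the main-file name woo-producttables-pro.php and the sample header and lock contents are constructed assumptions.

```python
"""Offline check for CVE-2025-31059: is the installed WBW Product Table PRO
older than the fixed release 2.2.7?

Added example for this advisory, not the plugin vendor's code. The Composer
package name and plugin directory are the ones quoted in the detection hints
above; the main-file name and the sample header / composer.lock contents are
constructed for illustration.
"""
import json
import re
from pathlib import Path

FIXED_VERSION = "2.2.7"
COMPOSER_PACKAGE = "woobew/wbw-product-tables-pro"  # package name from the grep hint above
PLUGIN_DIR = "woo-producttables-pro"                # component slug listed on this page


def parse_version(version):
    """Turn '2.2.10' into (2, 2, 10) so that it compares numerically; a plain
    string comparison would wrongly rank 2.2.10 below 2.2.7. A leading 'v' and
    pre-release suffixes such as '-beta' are dropped (treat such results with care)."""
    core = re.split(r"[-+ ]", version.strip().lstrip("vV"), maxsplit=1)[0]
    parts = []
    for piece in core.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_affected(version):
    """True for every release below 2.2.7, i.e. the advisory's range '0 through 2.2.6'."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def version_from_plugin_header(php_source):
    """Read the 'Version:' line of a plugin's main-file header comment, the same
    field WordPress uses to display the installed version."""
    match = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def version_from_composer_lock(lock_json):
    """Return the locked version of the plugin package, or None if it is not a dependency."""
    data = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == COMPOSER_PACKAGE:
                return pkg.get("version", "").lstrip("vV")
    return None


def scan_wordpress_root(root):
    """Locate the plugin under <root>/wp-content/plugins and return
    (version, affected), or None when the plugin is not installed."""
    plugin_dir = Path(root) / "wp-content" / "plugins" / PLUGIN_DIR
    if not plugin_dir.is_dir():
        return None
    for php_file in sorted(plugin_dir.glob("*.php")):
        version = version_from_plugin_header(php_file.read_text(errors="replace"))
        if version:
            return version, is_affected(version)
    return None


# Constructed sample inputs (not real plugin files).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: WBW Product Table PRO
 * Description: Product tables for WooCommerce
 * Version: 2.2.6
 */
"""
SAMPLE_LOCK = json.dumps({"packages": [{"name": COMPOSER_PACKAGE, "version": "v2.2.7"}]})


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as root:
        plugin_dir = Path(root) / "wp-content" / "plugins" / PLUGIN_DIR
        plugin_dir.mkdir(parents=True)
        # The main-file name is an assumption; only the header inside it matters.
        (plugin_dir / "woo-producttables-pro.php").write_text(SAMPLE_HEADER)
        print("installed copy:", scan_wordpress_root(root))

    locked = version_from_composer_lock(SAMPLE_LOCK)
    print("composer.lock:", locked, "affected" if is_affected(locked) else "patched")
```

Run it against a real install by calling scan_wordpress_root("/var/www/html") (or whatever the document root is) and version_from_composer_lock on the contents of composer.lock; a result of (version, True) means the site is still in the affected range.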
Disclosure
Exploitation status
EPSS
0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-31059 is to upgrade the WBW Product Table PRO plugin to version 2.2.7 or later without delay. If an immediate upgrade is not feasible because of compatibility concerns, put a Web Application Firewall (WAF) rule in front of the site to drop requests carrying SQL injection payloads aimed at the plugin's endpoints, bearing in mind that a signature rule is a stopgap rather than a fix. In parallel, grant the WordPress database user only the privileges the site needs (no FILE privilege, no grants on other databases) so that a successful injection does less damage, and watch database and web-server logs for unusual query patterns. In your own plugin or theme code, pass every value through $wpdb->prepare() rather than concatenating it into SQL, and validate input types before use.
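Because this page does not identify the vulnerable parameter, a WAF rule or log hunt has to be generic. The script below is an added example for this page, not the vendor's code and not a drop-in WAF ruleset: it runs a small set of SQL-injection signatures over web-server access-log lines for requests that touch the plugin directory or the admin-ajax.php and REST entry points, URL-decoding the request target first so that encoded payloads are inspected. The log lines, the action=wbw_table parameter and the choice of entry points are constructed assumptions.

```python
"""Hunt for SQL-injection probes against a WordPress site in web-server access
logs while CVE-2025-31059 is unpatched.

Added example for this advisory, not the vendor's code and not a drop-in WAF
ruleset. The vulnerable parameter is not named on this page, so the filter
looks at every request that touches the plugin directory listed above
(woo-producttables-pro) or the admin-ajax.php / REST entry points that table
plugins commonly use (an assumption). The log lines and the action=wbw_table
parameter are constructed for illustration.
"""
import re
from urllib.parse import unquote_plus

# Combined Log Format, the Apache/Nginx default:
# host ident user [time] "method target protocol" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Requests worth examining: the plugin itself plus the generic entry points (assumption).
INTERESTING_PATH = re.compile(r"woo-producttables-pro|/wp-admin/admin-ajax\.php|/wp-json/", re.I)

# Heuristic SQLi markers, applied to the URL-decoded request target.
# "Strong" markers flag on their own; "weak" ones need a second hit to limit false positives.
STRONG_SIGNATURES = {
    "union-select": re.compile(r"\bunion\b[\s/*]+(?:all\s+)?select\b", re.I),
    "time-based": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(", re.I),
    "error-based": re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I),
    "tautology": re.compile(r"['\"]\s*or\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I),
}
WEAK_SIGNATURES = {
    "schema-probe": re.compile(r"\binformation_schema\b", re.I),
    "comment-terminator": re.compile(r"--\s|/\*|#"),
}


def parse_line(line):
    """Split one access-log line into fields; returns None for lines in another format."""
    match = LOG_RE.match(line)
    if not match:
        return None
    record = match.groupdict()
    record["decoded"] = unquote_plus(record["target"])  # see %27 as ' and %20 as a space
    return record


def classify(decoded_target):
    """Return (signature names that matched, flagged?) for one decoded request target."""
    strong = [name for name, rx in STRONG_SIGNATURES.items() if rx.search(decoded_target)]
    weak = [name for name, rx in WEAK_SIGNATURES.items() if rx.search(decoded_target)]
    flagged = bool(strong) or len(weak) >= 2
    return strong + weak, flagged


def triage(log_text):
    """Return the flagged requests that target the plugin or the shared entry points."""
    findings = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None or not INTERESTING_PATH.search(record["decoded"]):
            continue
        hits, flagged = classify(record["decoded"])
        if flagged:
            findings.append({"ip": record["ip"], "time": record["time"],
                             "status": record["status"], "hits": hits,
                             "target": record["decoded"]})
    return findings


# Constructed sample log lines (documentation IP ranges, invented parameters).
SAMPLE_LOG = """\
203.0.113.10 - - [09/Jun/2025:10:12:01 +0000] "GET /wp-content/plugins/woo-producttables-pro/assets/js/table.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [09/Jun/2025:10:12:05 +0000] "GET /wp-admin/admin-ajax.php?action=wbw_table&id=12&page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Jun/2025:10:13:44 +0000] "GET /wp-admin/admin-ajax.php?action=wbw_table&id=12%27%20UNION%20SELECT%20user_login%2Cuser_pass%2C3%20FROM%20wp_users--%20- HTTP/1.1" 200 3100 "-" "sqlmap/1.8"
198.51.100.7 - - [09/Jun/2025:10:13:47 +0000] "GET /wp-admin/admin-ajax.php?action=wbw_table&id=12%20AND%20SLEEP(5) HTTP/1.1" 200 2048 "-" "sqlmap/1.8"
192.0.2.5 - - [09/Jun/2025:10:14:02 +0000] "GET /blog/?s=sleep(5) HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['time']} {finding['ip']} status={finding['status']} "
              f"{','.join(finding['hits'])}: {finding['target']}")
```

On the sample, the two sqlmap-style requests are reported and the ordinary table request is not; the last line carries a payload but is ignored because the path filter is scoped to the plugin and its entry points. Drop INTERESTING_PATH to hunt site-wide, and treat a 200 response to a flagged request as a reason to inspect the database rather than as proof of compromise, since the server returns 200 whether or not the injection succeeded.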
Update to version 2.2.7, or a newer patched version
CVE-2025-31059 is a high-severity SQL injection vulnerability affecting versions 0 through 2.2.6 of the WBW Product Table PRO WordPress plugin, allowing attackers to inject arbitrary SQL into a query the plugin runs against the site's database.
You are affected if you are using WBW Product Table PRO versions 0 through 2.2.6. Check your plugin versions and update immediately.
Upgrade the WBW Product Table PRO plugin to version 2.2.7 or later. If immediate upgrade is not possible, implement WAF rules and restrict database user permissions.
While no active exploitation has been confirmed, the SQL Injection nature of the vulnerability makes it a high-risk target, and exploitation is likely.
Refer to the official WBW Product Table PRO website or WordPress plugin repository for the latest advisory and update information.