CVE-2025-47643: WordPress ELEX Product Feed for WooCommerce <= 3.1.2 - SQL Injection Vulnerability
First published: Wed May 07 2025(Updated: )
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ELEX Product Feed for WooCommerce | <=3.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-47643?
CVE-2025-47643 is classified as a high severity SQL Injection vulnerability.
How do I fix CVE-2025-47643?
To fix CVE-2025-47643, upgrade the ELEX Product Feed for WooCommerce plugin to version 3.1.3 or later.
What type of vulnerability is CVE-2025-47643?
CVE-2025-47643 is an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands.
What versions of ELEX Product Feed for WooCommerce are affected by CVE-2025-47643?
CVE-2025-47643 affects ELEX Product Feed for WooCommerce versions up to and including 3.1.2.
Can CVE-2025-47643 be exploited remotely?
Yes, CVE-2025-47643 can be exploited remotely if an attacker can send crafted SQL queries to the affected application.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/elex
- canonical/elex product feed for woocommerce