VulnerAlert



GOOGLE
WORDPRESS
06-09-2025 04:20

CVE-2025-10046 Vulnerabilidad documentada

4.9 MEDIUM
Tags
#wordpress
#google
#sql injection
#sql
#plugin
#injection
#data
#woocommerce
#product
#form
#admin
#add
#database
#/sql(.*)injection/iU
#attackers
#authenticated
#vulnerable
#inject
#attack
#access
Descripción
The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due insufficient escaping on user supplied lack of sufficient preparation existing query. This makes it possible authenticated attackers, with Administrator-level access above, append additional queries into already that can be used extract sensitive information from database.
https://plugins.svn.wordpress.org/elex-woocommerce-google-product-feed-plugin-basic/tags/1.4.3/includes/elex-manage-feed-ajax.php#29
https://plugins.trac.wordpress.org/changeset/3342699/elex-woocommerce-google-product-feed-plugin-basic/tags/1.4.4/includes/elex-manage-feed-ajax.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/0afe37bb-fa8a-4e7b-93c6-c44b3fbeb904?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-10046
Resultados similares
Coincidentes en almenos en 50% de los tags
08-09-2025 CVE-2025-8085
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests t...
Ver información
06-09-2025 CVE-2025-6757
The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Script...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por