CVE-2025-22639

{"id": "CVE-2025-22639", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-22639", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2025-02-18T20:21:43.197840Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.1}]}, "affected": [{"source": "audit@patchstack.com", "affectedData": [{"vendor": "Techspawn", "product": "Distance Rate Shipping for WooCommerce", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.3.4"}], "packageName": "distance-rate-shipping-for-woocommerce-pro", "collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected"}]}], "published": "2025-02-18T20:15:26.010", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/distance-rate-shipping-for-woocommerce-pro/vulnerability/wordpress-distance-rate-shipping-for-woocommerce-plugin-1-3-4-sql-injection-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn Distance Rate Shipping for WooCommerce distance-rate-shipping-for-woocommerce-pro allows Blind SQL Injection.This issue affects Distance Rate Shipping for WooCommerce: from n/a through <= 1.3.4."}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando SQL ('inyecci\u00f3n SQL') vulnerabilidad en NotFound Distance Rate Shipping for WooCommerce permite Blind SQL inyecci\u00f3n. Este problema afecta el env\u00edo de la tasa de distancia para WooCommerce: desde N/A hasta 1.3.4."}], "lastModified": "2026-06-17T08:48:53.927", "sourceIdentifier": "audit@patchstack.com"}