CVE-2025-47544

{"id": "CVE-2025-47544", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-05-07T15:16:11.110", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/aco-woo-dynamic-pricing/vulnerability/wordpress-dynamic-pricing-with-discount-rules-for-woocommerce-4-5-8-sql-injection-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind SQL Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through <= 4.5.8."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en acowebs Dynamic Pricing With Discount Rules for WooCommerce permite la inyecci\u00f3n SQL ciega. Este problema afecta a la aplicaci\u00f3n de precios din\u00e1micos con reglas de descuento para WooCommerce desde n/d hasta la versi\u00f3n 4.5.8."}], "lastModified": "2026-04-23T15:30:27.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:acowebs:dynamic_pricing_with_discount_rules_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D3C5DBB0-62DB-45B3-8B13-96AB86BF44D6", "versionEndExcluding": "4.5.9"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}