## Vulnerability Key Information Summary

### Vulnerability Overview

| Item | Content |
|:---|:---|
| **Vulnerability Name** | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin SQL Injection Vulnerability |
| **CVE ID** | CVE-2025-XXXX (Full CVE number not displayed on page) |
| **Severity** | High priority |
| **CVSS Score** | 9.8 / 10 |
| **Vulnerability Type** | SQL Injection |
| **Risk Description** | Attackers can directly interact with the database, including but not limited to information theft |

---

### Affected Scope

| Item | Content |
|:---|:---|
| **Affected Software** | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes |
| **Software Type** | WordPress Plugin |
| **Vulnerable Versions** | <= 1.4.9 |
| **Secure Version** | 1.5.0 or higher |
| **Disclosure Date** | March 30, 2025 |
| **Reporter** | Martino Spagnuolo (@3v3r1) |

---

### Remediation Solutions

#### Solution 1: Automatic Mitigation (Recommended)

- Patchstack has released mitigation rules to block attacks before updates
- Use Patchstack services for automatic vulnerability mitigation and website security maintenance

#### Solution 2: Manual Update

- **Update immediately to version 1.5.0 or higher**
- Patchstack users can enable automatic updates for vulnerable plugins individually

---

### POC Code/Exploit Code

**The page does not contain specific POC code or exploit code.**