CVE-2025-49263: WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace versions up to and including 2.5.6; no starting version is specified (n/a).

Classification

CVE ID: CVE-2025-49263

CVSS Base Severity: HIGH

CVSS Base Score: 7.6

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Problem Types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected Products

Vendor: WCVendors

Product: WC Vendors Marketplace

References

https://nvd.nist.gov/vuln/detail/CVE-2025-49263
https://patchstack.com/database/wordpress/plugin/wc-vendors/vulnerability/wordpress-wc-vendors-marketplace-2-5-6-sql-injection-vulnerability?_s_id=cve

Timeline