CVE-2025-24780
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL Injection.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL Injection vulnerability in Printcart Web to Print Product Designer for WooCommerce plugin (<=2.4.0) allows unauthenticated attackers to execute arbitrary SQL queries.
The Printcart Web to Print Product Designer for WooCommerce plugin suffers from an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. This issue affects versions from n/a through 2.4.0 [1].
The vulnerability is remotely exploitable without authentication, making it a prime target for mass-exploit campaigns. Attackers can send crafted HTTP requests to inject malicious SQL statements [1].
Successful exploitation allows attackers to directly interact with the database, potentially leading to data theft, modification, or deletion. The CVSS score of 8.5 underscores the high severity [1].
Users are strongly advised to update to version 2.4.1 or later, which contains the fix. Patchstack has also released a mitigation rule to block attacks until the patch is applied [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.