CVE-2025-47643
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The ELEX Product Feed for WooCommerce plugin for WordPress is vulnerable to SQL Injection up to version 3.1.2, allowing database information theft.
The ELEX Product Feed for WooCommerce plugin for WordPress suffers from an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This flaw exists in versions from n/a through 3.1.2, as identified in advisory [1].
Attackers can exploit this vulnerability to interact with the database directly. The attack does not require authentication if the vulnerable endpoint is publicly accessible, which is a common scenario in WordPress plugins [1]. The CVSS score is 7.6, indicating a high severity, though the vendor rates it as low impact for WordPress environments [1].
Successful exploitation could allow an attacker to steal sensitive information from the database, such as user credentials, personal data, or other confidential data. This vulnerability is known to be used in mass-exploit campaigns targeting thousands of websites [1].
Users are advised to update to version 3.1.3 or later, which resolves the issue. Patchstack users can enable auto-update for vulnerable plugins. If updating is not possible, contact your hosting provider or web developer for assistance [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=3.1.2
- Range: <=3.1.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.