VYPR
High severity · 8.5 · NVD Advisory · Published Sep 22, 2025 · Updated Apr 23, 2026

CVE-2025-58686

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce perfect-woocommerce-brands allows SQL Injection. This issue affects Perfect Brands for WooCommerce: from n/a through <= 3.6.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Perfect Brands for WooCommerce plugin (<=3.6.2) allows unauthenticated attackers to execute arbitrary SQL commands.

The Perfect Brands for WooCommerce plugin versions 3.6.2 and earlier contain an SQL injection vulnerability due to improper neutralization of special elements used in SQL commands [1]. This allows an attacker to inject malicious SQL queries via user-supplied input.

Attackers can exploit this vulnerability without authentication by sending crafted requests to the vulnerable plugin. The attack surface is the WordPress admin interface or any public-facing endpoints that accept user input processed by the plugin [1].

Successful exploitation enables attackers to directly interact with the WordPress database, potentially reading sensitive information such as usernames, passwords, and other stored data. In some cases, attackers may also modify or delete database content [1].

The vulnerability is fixed in version 3.6.3. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins to simplify the patching process [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

1
