What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection. This issue affects CardGate Payments for WooCommerce: from n/a through <= 3.2.1.
Explanation of Vulnerability in Simple Terms
02 Summary
CardGate Payments for WooCommerce versions 3.2.1 and earlier contain a SQL injection vulnerability in the payment processing logic. An attacker can craft a malicious request that injects SQL commands into database queries. The vulnerability requires user interaction (victim must visit a crafted link or page) and can expose sensitive payment and customer data. Site availability may also be affected.
What an attacker can do
03 Attacker Capabilities
Read sensitive database records including customer and payment information, or degrade site performance.
Potential impact on your site
04 Site Impact
Customer payment data and personal information could be exposed; site may become slow or unresponsive.
Conditions required to exploit
05 Prerequisites
Victim must click a malicious link or visit an attacker-controlled page; no authentication required.
Key dates
06 Disclosure timeline
April 10, 2025: CVE published
April 29, 2026: Record updated