CVE-2025-47643 HIGH

CVE-2025-47643: WordPress ELEX Product Feed for WooCommerce <= 3.1.2 - SQL Injection Vulnerability

Vendor Elextensions

Product ELEX Product Feed for WooCommerce

Weakness CWE-89 · SQLi

Published May 7, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.

Key dates

02Disclosure timeline

May 7, 2025 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-47643 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings CVE-2025-9468 itsourcecode Apartment Management System add_bill.php sql injection CVE-2026-10111 sambitraj STUDENT-MANAGEMENT-SYSTEM Login Page sql injection CVE-2024-7669 SourceCodester Car Driving School Management System Master.php delete_enrollment sql injection CVE-2023-5268 DedeBIZ makehtml_taglist_action.php sql injection

Identifiers

CVE CVE-2025-47643

CWE CWE-89

CVSS 7.6 / HIGH

Affected versions

Vendor Elextensions

Product ELEX Product Feed for WooCommerce

Affected ≥ n/a and ≤ 3.1.2