CVE-2025-47608
Published 2025-06-09
CVE-2025-47608: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce…
Priority: P2 · 65 · critical · 9.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
EXPLOIT
EPSS: 0.66% (47.0th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection. This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonalsinha21 | recover_abandoned_cart_for_woocommerce | <= 2.5 | — |
Detection & IOCs (extracted from sources)
- Monitor WordPress AJAX requests targeting the save_data action with anomalous or SQL-syntax-containing values in the billing_first_name parameter.
- Flag requests that carry a wp_woocommerce_session cookie alongside suspicious billing_first_name payloads, as a valid session cookie with at least one cart item is a prerequisite for exploitation.
- The vulnerability is unauthenticated — no WordPress login session is needed, only a WooCommerce session cookie, so WAF rules should not rely on authenticated-user context to filter these requests.
- The NVD entry references the plugin 'recover-wc-abandoned-cart' (sonalsinha21) affected through version 2.5, while the Metasploit module references a different 'Abandoned Cart for WooCommerce' plugin affected prior to version 5.8.2. Verify which plugin slug is present in the target environment before applying detections.
- Exploitation requires the attacker to first obtain or generate a valid wp_woocommerce_session cookie with at least one item in the cart; detections should account for this prerequisite step (e.g., a prior POST to add-to-cart).
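To make the notes above concrete, here is an added detection example (not code from the CVE record, the plugin or any detection vendor) that scores WordPress AJAX request events against those indicators; the event schema, the sample events and the SQL-syntax heuristic are constructed assumptions.

```python
"""Flag AJAX requests matching the indicators above (added example; the event
schema, sample events and heuristic are constructed assumptions, not data
from the CVE record or the plugin)."""
import re
from urllib.parse import parse_qs

# Quote followed by an SQL continuation, a UNION SELECT, or a timing probe.
# A lone apostrophe (O'Brien) deliberately does not match.
SQL_SYNTAX = re.compile(
    r"""['"]\s*(?:--|\#|/\*|;|\)|or\b|and\b|union\b|=)
        |\bunion\s+(?:all\s+)?select\b
        |\b(?:sleep|benchmark)\s*\(""", re.IGNORECASE | re.VERBOSE)

def classify(event):
    """Return (flagged, reasons) for one event {"method","path","cookies","body"}.
    Only POST admin-ajax.php action=save_data is considered; the WooCommerce
    session cookie is reported as context, not required (no WP login involved)."""
    reasons = []
    if event["method"] != "POST" or not event["path"].endswith("/admin-ajax.php"):
        return False, reasons
    params = parse_qs(event["body"], keep_blank_values=True)
    if params.get("action", [""])[0] != "save_data":
        return False, reasons
    if SQL_SYNTAX.search(params.get("billing_first_name", [""])[0]):
        reasons.append("sql_syntax_in_billing_first_name")
    names = [c.split("=", 1)[0].strip() for c in event["cookies"].split(";") if c.strip()]
    if any(n.startswith("wp_woocommerce_session") for n in names):
        reasons.append("woocommerce_session_present")
    return "sql_syntax_in_billing_first_name" in reasons, reasons

def scan(events):
    """Indexes of flagged events, for driving an alert or a WAF rule test."""
    return [i for i, e in enumerate(events) if classify(e)[0]]

SAMPLE_EVENTS = [  # constructed traffic, not real captures
    {"method": "POST", "path": "/wp-admin/admin-ajax.php",
     "cookies": "wp_woocommerce_session_abc123=t_0123; wordpress_test_cookie=WP",
     "body": "action=save_data&billing_first_name=Alice&billing_email=a%40example.com"},
    {"method": "POST", "path": "/wp-admin/admin-ajax.php",
     "cookies": "wp_woocommerce_session_abc123=t_0123",
     "body": "action=save_data&billing_first_name=Alice%27+OR+1%3D1--+"},
    {"method": "POST", "path": "/wp-admin/admin-ajax.php", "cookies": "",
     "body": "action=heartbeat&billing_first_name=%27"},
]

if __name__ == "__main__":
    for i in scan(SAMPLE_EVENTS):
        print(i, classify(SAMPLE_EVENTS[i])[1])
```

Before deploying such a rule, confirm the plugin slug as the fourth note says, since the save_data action name comes from the indexed sources rather than from this page's affected-version table.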
No detection rules found.
No writeups or analysis indexed.