SQL Injection Vulnerability in PagBank / PagSeguro Connect for WooCommerce Plugin
CVE-2025-10142

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Pagbank / Pagseguro Connect Para WooCommerce
Vendor: CVE Published:; 10 September 2025

What is CVE-2025-10142?

The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is susceptible to an SQL Injection exploit through the 'status' parameter. This vulnerability arises from inadequate sanitation of user-supplied input, allowing authenticated users with Shop Manager-level privileges or higher to inject additional SQL commands. This can lead to unauthorized access and extraction of sensitive data from the database, posing a significant security risk to affected sites. Prompt updates to versions beyond 4.44.3 are recommended to mitigate this issue.

Affected Version(s)

PagBank / PagSeguro Connect para WooCommerce * <= 4.44.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/pagbank-connect/

https://github.com/r-martins/PagBank-WooCommerce/commit/a...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Sep 8, 2025

Credit

Moose Love