SQL Injection Vulnerability in Premmerce Wholesale Pricing Plugin for WordPress

CVE-2025-12411

What is CVE-2025-12411?

The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is susceptible to SQL Injection through the 'ID' parameter in versions up to 1.1.10. This vulnerability arises from inadequate escaping of user-supplied input and insufficient preparation of SQL queries, permitting authenticated attackers with subscriber-level access or higher to manipulate SQL queries. This exploitation can lead to unauthorized extraction of sensitive database information as well as changes to price type display names, causing visual corruption within the WordPress admin interface. Additionally, the vulnerability extends to the 'price_type' parameter of the 'premmerce_delete_price_type' action.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References