SQL Injection Vulnerability in TicketBAI Facturas for WooCommerce by WordPress
CVE-2025-24767

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Ticketbai Facturas Para WooCommerce
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-24767?

A significant SQL Injection vulnerability exists in the TicketBAI Facturas para WooCommerce plugin for WordPress, enabling attackers to execute arbitrary SQL commands through improper neutralization of special elements in SQL queries. This flaw affects versions from n/a through 3.19, potentially allowing unauthorized access to sensitive data within the WooCommerce environment. Ensuring plugin updates and implementing robust security measures are crucial steps to mitigate this risk.

Affected Version(s)

TicketBAI Facturas para WooCommerce <= 3.19

References

https://patchstack.com/database/wordpress/plugin/wp-ticke...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Martino Spagnuolo (r3verii) (Patchstack Alliance)