SQL Injection Vulnerability in Cart Tracking for WooCommerce by WordPress
CVE-2025-30791

7.6 HIGH

Key Information:

Vendor: WordPress
CVE Published: 27 March 2025

What is CVE-2025-30791?

The Cart Tracking for WooCommerce plugin does not properly neutralize special elements used in SQL commands, which allows attackers to manipulate the SQL queries it runs (SQL injection). This could lead to unauthorized data access and potential compromise of the database. Versions up to and including 1.0.16 are affected, so users should secure their installations and apply necessary updates.

Affected Version(s)

Cart tracking for WooCommerce <= 1.0.16

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

kuteminh11 - VNPT Cyber Immunity (Patchstack Alliance)