SQL Injection Vulnerability in Techspawn WhatsCart for WooCommerce
CVE-2025-31056
9.3 CRITICAL
Key Information:
- Vendor: WordPress
- Status
- Vendor
- CVE Published: 23 May 2025
What is CVE-2025-31056?
A SQL injection vulnerability exists in Techspawn's WhatsCart, a WordPress plugin for abandoned cart recovery and order notifications in WooCommerce. The plugin does not properly neutralize input before it is used in SQL commands, so an attacker can manipulate those commands, potentially gaining unauthorized access to sensitive information stored in the database. The issue affects all versions up to and including 1.1.0, so users should assess their installations and apply the necessary updates to safeguard their data.
Affected Version(s)
WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce <= 1.1.0
References
CVSS V3.1
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)