SQL Injection Vulnerability in N-Media Bulk Product Sync Plugin
CVE-2025-31599

9.3 CRITICAL

Key Information:

Vendor:
N-media

CVE Published:
11 April 2025

What is CVE-2025-31599?

The N-Media Bulk Product Sync plugin is vulnerable to SQL injection: special elements are not properly neutralized before being used in an SQL command, which lets an attacker manipulate the query. This can lead to unauthorized access to sensitive data and potential database compromise. Sites running any version up to and including 8.6 are at risk, as the flaw allows execution of arbitrary SQL queries, enabling data leaks and other malicious activities.

Affected Version(s)

Bulk Product Sync <= 8.6

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

theviper17 (Patchstack Alliance)