SQL Injection Vulnerability in Dynamic Pricing Plugin for WooCommerce by Acowebs
CVE-2025-47544

7.2HIGH

Key Information:

Vendor: WordPress
Status: Dynamic Pricing With Discount Rules For WooCommerce
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-47544?

The Dynamic Pricing With Discount Rules for WooCommerce plugin by Acowebs is susceptible to an SQL Injection vulnerability, which allows attackers to manipulate database queries executed by the application. This may enable unauthorized access to sensitive data and the potential for malicious exploitation. The vulnerability affects versions of the plugin from n/a through 4.5.8, allowing for Blind SQL Injection techniques to be leveraged. Website administrators are recommended to update their plugins to mitigate risks associated with this security flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8

References

https://patchstack.com/database/wordpress/plugin/aco-woo-...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
May 7, 2025

Credit

tratt (Patchstack Alliance)

JSON

WordPress

What is CVE-2025-47544?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.