SQL Injection Vulnerability in Dynamic Pricing Plugin for WooCommerce by Acowebs
CVE-2025-47544

7.6HIGH

Key Information:

Vendor: WordPress
Status: Dynamic Pricing With Discount Rules For WooCommerce
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-47544?

The Dynamic Pricing With Discount Rules for WooCommerce plugin by Acowebs is susceptible to an SQL Injection vulnerability, which allows attackers to manipulate database queries executed by the application. This may enable unauthorized access to sensitive data and the potential for malicious exploitation. The vulnerability affects versions of the plugin from n/a through 4.5.8, allowing for Blind SQL Injection techniques to be leveraged. Website administrators are recommended to update their plugins to mitigate risks associated with this security flaw.

Affected Version(s)

Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8

References

https://patchstack.com/database/wordpress/plugin/aco-woo-...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
May 7, 2025

Credit

tratt (Patchstack Alliance)

WordPress

What is CVE-2025-47544?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit