Code Injection Vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce
CVE-2025-48123

10CRITICAL

Key Information:

Vendor: WordPress
Status: Spreadsheet Price Changer For WooCommerce And WP E-commerce – Light
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-48123?

A security vulnerability has been identified in the Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light editions, allowing malicious actors to execute arbitrary code remotely. This code injection flaw poses a significant risk to user data integrity and application security, particularly in versions ranging from n/a up to 2.4.37. It is essential for users of those versions to apply appropriate security measures and updates to mitigate potential exploits.

Affected Version(s)

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37

References

https://patchstack.com/database/wordpress/plugin/excel-li...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
May 15, 2025

Credit

ch4r0n (Patchstack Alliance)

WordPress

What is CVE-2025-48123?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit