SQL Injection Vulnerability in License Manager for WooCommerce by Saad Iqbal
CVE-2025-58788

7.6HIGH

Key Information:

Vendor: WordPress
Status: License Manager For WooCommerce
Vendor: CVE Published:; 5 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-58788?

An SQL Injection vulnerability has been identified in License Manager for WooCommerce, developed by Saad Iqbal. This flaw allows attackers to execute Blind SQL Injection attacks, potentially compromising database integrity. The vulnerability is present in all versions up to 3.0.12, making websites using this plugin susceptible to unauthorized database queries. Prompt actions are advised to secure affected installations and prevent exploitation.

Affected Version(s)

License Manager for WooCommerce <= 3.0.12

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-58788
Created by quetuan03

References

https://patchstack.com/database/wordpress/plugin/license-...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 1, 2025
👾
Exploit known to exist
Oct 1, 2025
Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Sep 5, 2025

Credit

Que Thanh Tuan - Blue Rock (Patchstack Alliance)

JSON

WordPress

Badges

What is CVE-2025-58788?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit