SQL Injection Vulnerability in License Manager for WooCommerce by Saad Iqbal
CVE-2025-58788

7.6HIGH

Key Information:

Vendor: WordPress
Status: License Manager For WooCommerce
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-58788?

An SQL Injection vulnerability has been identified in License Manager for WooCommerce, developed by Saad Iqbal. This flaw allows attackers to execute Blind SQL Injection attacks, potentially compromising database integrity. The vulnerability is present in all versions up to 3.0.12, making websites using this plugin susceptible to unauthorized database queries. Prompt actions are advised to secure affected installations and prevent exploitation.

Affected Version(s)

License Manager for WooCommerce <= 3.0.12

References

https://patchstack.com/database/wordpress/plugin/license-...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Sep 5, 2025

Credit

Que Thanh Tuan - Blue Rock (Patchstack Alliance)

WordPress

What is CVE-2025-58788?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit