SQL Injection Vulnerability in Ajax WooSearch Plugin by WordPress
CVE-2025-9697
Currently unrated
Key Information:
- Vendor
WordPress
- Status
- Vendor
- CVE Published:
- 2 October 2025
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-9697?
The Ajax WooSearch plugin for WordPress allows unauthenticated users to exploit a vulnerability due to improper sanitization and escaping of parameters in SQL statements. This flaw can lead to a SQL injection, enabling attackers to manipulate database queries, which could potentially compromise sensitive data or disrupt site functionality. It is crucial for users of the plugin to apply necessary security measures and updates to mitigate the risks associated with this vulnerability.
Affected Version(s)
Ajax WooSearch 0 <= 1.0.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.