Vulnerability of the Premium Package: Selling Digital Products securely through the WordPress content management system. This vulnerability is related to the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary SQL code.

🗓️ 26 Mar 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 5 Views

Premium Package plugin in WordPress allows remote SQL code execution due to unprotected query structure.

Reporter	Title	Published	Views	Family All 12
GithubExploit	Exploit for CVE-2025-24659	31 Jan 202501:01	–	githubexploit
Circl	CVE-2025-24659	24 Jan 202520:17	–	circl
CNNVD	WordPress plugin Premium Packages SQL注入漏洞	24 Jan 202500:00	–	cnnvd
CVE	CVE-2025-24659	24 Jan 202517:24	–	cve
Cvelist	CVE-2025-24659 WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulnerability	24 Jan 202517:24	–	cvelist
EUVD	EUVD-2025-3854	3 Oct 202520:07	–	euvd
NVD	CVE-2025-24659	24 Jan 202518:15	–	nvd
Patchstack	WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulnerability	24 Jan 202511:47	–	patchstack
Positive Technologies	PT-2025-5480 · WordPress · Wordpress Download Manager Premium Packages	18 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2025-24659	6 Feb 202502:34	–	redhatcve

Vulners

Node

wordpress premium_packages_-_sell_digital_products_securelyRange≤5.9.6

Source	Link
patchstack	www.patchstack.com/database/wordpress/plugin/wpdm-premium-packages/vulnerability/wordpress-premium-packages-sell-digital-products-securely-plugin-5-9-6-sql-injection-vulnerability
github	www.github.com/DoTTak/CVE-2025-24659
web	www.web.nvd.nist.gov/view/vuln/detail

26 Mar 2025 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 27.5

CVSS 37.6

EPSS0.00931

Premium Package WordPress vulnerability Structured Query Language remote execution arbitrary code execution