CVE-2025-22352

🗓️ 07 Jan 2025 10:48:39Reported by PatchstackType

cve🔗 web.nvd.nist.gov👁 65 Views🌐 WEB

SQL Injection vulnerability in ELEX WooCommerce Bulk Edit Plugin affects versions up to 1.4.8.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-22352	7 Jan 202511:18	–	circl
CNNVD	WordPress plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL注入漏洞	7 Jan 202500:00	–	cnnvd
Cvelist	CVE-2025-22352 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.9 - SQL Injection vulnerability	7 Jan 202510:48	–	cvelist
GithubExploit	Exploit for CVE-2025-22352	6 Jan 202501:59	–	githubexploit
EUVD	EUVD-2025-2751	3 Oct 202520:07	–	euvd
NVD	CVE-2025-22352	7 Jan 202511:15	–	nvd
Patchstack	WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.9 - SQL Injection vulnerability	3 Jan 202514:32	–	patchstack
Positive Technologies	PT-2025-4466 · Elex · Elex Woocommerce Advanced Bulk Edit Products	7 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-22352	6 Feb 202502:28	–	redhatcve
Vulnrichment	CVE-2025-22352 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.9 - SQL Injection vulnerability	7 Jan 202510:48	–	vulnrichment

Vulners

Node

elextensions elex_woocommerce_advanced_bulk_edit_products,_prices_&_attributesRange≤1.4.9wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic",
    "product": "ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes",
    "vendor": "ELEXtensions",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.4.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/vulnerability/wordpress-elex-woocommerce-advanced-bulk-edit-products-prices-attributes-plugin-1-4-8-sql-injection-vulnerability

Parameter	Position	Path	Description	CWE
desired_price	request body	/elex-ajax-apifunctions.php	SQL Injection via unsafely concatenated price filter in AJAX function, leading to %1s SQL injection in main_query through the desired_price parameter.	CWE-89

28 Apr 2026 16:10Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.6

EPSS0.04954

SSVC

CWE-89