CVE-2025-23967

🗓️ 27 Jun 2025 11:52:11Reported by PatchstackType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 11 Views

SQL Injection vulnerability in GG Bought Together for WooCommerce plugin version 1.0.2 and earlier

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-23967	27 Jun 202513:50	–	circl
CNNVD	WordPress plugin GG Bought Together for WooCommerce SQL注入漏洞	27 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-23967 WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability	27 Jun 202511:52	–	cvelist
EUVD	EUVD-2025-19318	3 Oct 202520:07	–	euvd
NVD	CVE-2025-23967	27 Jun 202512:15	–	nvd
Patchstack	WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability	24 Jun 202512:12	–	patchstack
Positive Technologies	PT-2025-27077 · Woocommerce · Gg Bought Together For Woocommerce	27 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-23967	9 Jan 202608:46	–	redhatcve
Vulnrichment	CVE-2025-23967 WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability	27 Jun 202511:52	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 23, 2025 to June 29, 2025)	3 Jul 202513:02	–	wordfence

Vulners

Node

wpopal gg_bought_together_for_woocommerceRange≤1.0.2wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "gg-bought-together",
    "product": "GG Bought Together for WooCommerce",
    "vendor": "wpopal",
    "versions": [
      {
        "lessThanOrEqual": "1.0.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/gg-bought-together/vulnerability/wordpress-gg-bought-together-for-woocommerce-1-0-2-sql-injection-vulnerability

28 Apr 2026 16:11Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.19.3

EPSS0.00232

SSVC

CWE-89