WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions = 1.4.9...

PT-2025-4466 · Elex · Elex Woocommerce Advanced Bulk Edit Products

Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions 1.4.8 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, which occurs due to the improper...