CVE-2025-10144: Critical SQL Injection Flaw in Perfect Brands for WooCommerce

Overview

CVE-2025-10144 is a medium severity vulnerability affecting the Perfect Brands for WooCommerce plugin for WordPress. This flaw allows authenticated attackers with Contributor-level access or higher to perform time-based SQL Injection attacks. The vulnerability exists in versions up to and including 3.6.2 of the plugin.

By exploiting this vulnerability, attackers can inject malicious SQL queries into existing queries, potentially leading to the extraction of sensitive information from the WordPress database. This could include user credentials, customer data, and other confidential information.

Technical Details

The vulnerability lies within the `products` shortcode's `brands` attribute. Insufficient escaping of the user-supplied value in this attribute, combined with the existing SQL query not being prepared (parameterised), creates an avenue for SQL Injection.

Specifically, the plugin fails to properly sanitize the `brands` parameter when it is used in the `products` shortcode. Because Contributors can place shortcodes in the content they author, a crafted value in this attribute is carried into the database query and executed as additional SQL. The injection is blind and time-based: no query output is returned to the attacker directly, but data can still be inferred by observing differences in how long the server takes to respond.

Affected Component: `lib/class-woocommerce.php#L112` (as seen in version 3.6.0)
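As an added illustration (not code from the plugin or from this advisory's author), the block below shows the kind of concatenation pattern the advisory describes beside a version that binds every `brands` value through `$wpdb->prepare()`; the taxonomy name, function names and the constant are assumptions, not the plugin's own identifiers.

```php
<?php
// Constructed example: a shortcode handler that turns a comma-separated
// "brands" attribute into a term lookup. Not the plugin's real code.

// Assumed taxonomy name; the real plugin's taxonomy may differ.
const EXAMPLE_BRAND_TAXONOMY = 'pwb-brand';

// VULNERABLE PATTERN: the attribute text is concatenated straight into SQL.
// Whoever controls the shortcode attribute controls part of the query,
// because the value is neither escaped nor bound through prepare().
function example_brand_term_ids_unsafe( array $atts ) {
    global $wpdb;
    $brands = isset( $atts['brands'] ) ? (string) $atts['brands'] : '';
    $quoted = "'" . str_replace( ',', "','", $brands ) . "'";
    $sql = "SELECT t.term_id FROM {$wpdb->terms} t"
         . " INNER JOIN {$wpdb->term_taxonomy} tt ON t.term_id = tt.term_id"
         . " WHERE tt.taxonomy = '" . EXAMPLE_BRAND_TAXONOMY . "'"
         . " AND t.slug IN ($quoted)"; // attacker-controlled text lands here
    return $wpdb->get_col( $sql );
}

// HARDENED: normalise each entry to a slug, drop empties, then bind every
// value with its own %s placeholder so the IN (...) list is parameterised.
function example_brand_term_ids_safe( array $atts ) {
    global $wpdb;
    $raw   = isset( $atts['brands'] ) ? (string) $atts['brands'] : '';
    $slugs = array_values( array_filter(
        array_map( 'sanitize_title', explode( ',', $raw ) )
    ) );
    if ( empty( $slugs ) ) {
        return array();
    }
    $placeholders = implode( ',', array_fill( 0, count( $slugs ), '%s' ) );
    $sql = $wpdb->prepare(
        "SELECT t.term_id FROM {$wpdb->terms} t"
        . " INNER JOIN {$wpdb->term_taxonomy} tt ON t.term_id = tt.term_id"
        . " WHERE tt.taxonomy = %s AND t.slug IN ($placeholders)",
        array_merge( array( EXAMPLE_BRAND_TAXONOMY ), $slugs )
    );
    return array_map( 'intval', $wpdb->get_col( $sql ) );
}

// Note: get_terms( array( 'taxonomy' => EXAMPLE_BRAND_TAXONOMY,
// 'slug' => $slugs ) ) would avoid hand-written SQL for this lookup entirely.
```

The hardened form treats every slug as data rather than as query text, which is the property the vulnerable pattern lacks; passing the values as an array to `$wpdb->prepare()` is supported by WordPress core.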

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) assigns this vulnerability a score of 6.5 (Medium).

This score reflects the following factors:

  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L) – Contributor level access is sufficient.
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): None (N)
  • Availability Impact (A): None (N)

The medium severity stems from the need for authentication (Contributor role or higher) and the potential for significant data leakage.

Possible Impact

Successful exploitation of CVE-2025-10144 can have serious consequences:

  • Data Breach: Attackers can extract sensitive data from the database, including user credentials, customer information (names, addresses, payment details), and potentially business-critical information.
  • Account Takeover: Compromised user credentials can be used to gain unauthorized access to user accounts, including administrator accounts.
  • Reputational Damage: A data breach can severely damage the reputation of the website owner and the brand associated with the WooCommerce store.
  • Legal and Regulatory Compliance Issues: Data breaches can lead to legal and regulatory penalties, particularly if personal data is compromised.

Mitigation/Patch Steps

The recommended mitigation steps are:

  • Update the Plugin: Upgrade the Perfect Brands for WooCommerce plugin to the latest version as soon as a patch is available. Check the WordPress plugin repository for updates.
  • Apply Workarounds (If Available): If a patch is not immediately available, check for temporary workarounds provided by the plugin developer or security researchers. However, relying solely on workarounds is not recommended and upgrading to the patched version is always the preferred solution.
  • Web Application Firewall (WAF): Implement a Web Application Firewall (WAF) with rules designed to detect and block SQL Injection attempts. This can provide an additional layer of protection.
  • Limit User Privileges: Regularly review user roles and permissions. Grant users only the minimum privileges necessary to perform their tasks. Avoid granting Contributor-level access to untrusted users.
