B1.lt WordPress Plugin (WooCommerce) SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the B1.lt plugin for WordPress, affecting all versions up to and including 2.2.56. The flaw stems from insufficient escaping of the user-supplied 'id' parameter combined with the lack of a prepared (parameterized) statement for the query that consumes it. Because the value is placed directly into an existing query, an authenticated attacker with Subscriber-level access or higher can append additional SQL to that query and use it to read sensitive data from the WordPress database. Subscriber is the lowest default WordPress role, so on sites that allow self-registration the flaw is reachable by anyone who can create an account.
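The following is an added illustration of the bug class described above, not code from the B1.lt plugin: a hypothetical WordPress AJAX handler that looks up a record by 'id', first in the vulnerable form (the parameter is concatenated into the SQL string) and then hardened with a capability check, a nonce, input validation, and $wpdb->prepare(). All function names, the table name and the nonce action are assumptions for the example.

```php
<?php
// Added example, not the plugin's own code. Handler and table names are assumptions.

// VULNERABLE: $_REQUEST['id'] is interpolated straight into the SQL string.
// Note that esc_sql() would not help here either: the value is not quoted in
// the query, so an attacker does not need a quote character to append
// clauses (e.g. "1 UNION SELECT ..." or a time-based payload) to the statement.
function b1lt_demo_get_order_vulnerable() {
    global $wpdb;
    $id  = isset( $_REQUEST['id'] ) ? $_REQUEST['id'] : '';
    $sql = "SELECT * FROM {$wpdb->prefix}b1lt_demo_orders WHERE id = " . $id;
    $row = $wpdb->get_row( $sql );
    wp_send_json( $row );
}

// HARDENED: authorization, CSRF protection, type validation, prepared query.
function b1lt_demo_get_order_fixed() {
    global $wpdb;

    // A Subscriber-level user should never reach this code path. The
    // capability to require depends on what the endpoint does; a WooCommerce
    // management capability is used here as an example.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Nonce check for the AJAX action (action name is an assumption).
    check_ajax_referer( 'b1lt_demo_get_order', 'nonce' );

    // Validate the type before the value goes anywhere near SQL:
    // an id must be a positive integer, so anything else is rejected outright.
    $id = isset( $_REQUEST['id'] ) ? absint( wp_unslash( $_REQUEST['id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // %d forces an integer placeholder; $wpdb->prepare() takes care of
    // escaping and quoting, so the query structure can no longer be changed.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}b1lt_demo_orders WHERE id = %d",
        $id
    );
    $row = $wpdb->get_row( $sql );
    wp_send_json_success( $row );
}

add_action( 'wp_ajax_b1lt_demo_get_order', 'b1lt_demo_get_order_fixed' );
```

Two points worth keeping in mind when reviewing a plugin for this pattern: escaping alone (esc_sql()) is only meaningful for values that are quoted in the query, which is why a numeric 'id' needs a typed placeholder or an integer cast rather than escaping; and $wpdb->prepare() cannot parameterize identifiers such as table or column names, so those must come from constants or a whitelist (WordPress 6.2 and later also offers the %i identifier placeholder).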

Impact

Successful exploitation lets an attacker change the structure of database queries issued by the plugin and, through the injected SQL, read sensitive information stored in the WordPress database. Because the attacker only needs a low-privilege account, the effective precondition is the ability to register or obtain any user on the site.

Remediation

No known patch is available at the time of writing. Site owners should check whether the plugin is installed and which version is active (all versions through 2.2.56 are affected), review the vulnerability details, and consider deactivating and uninstalling the plugin until a fixed release exists. Disabling open user registration reduces exposure but does not remove the flaw for accounts that already exist.

Added: Jul 18, 2025, 6:36 AM
Updated: Jul 18, 2025, 6:36 AM

Vulnerability Rating

Custom Algorithm

category        score
spread          0.0
impact          2.5
exploitability  5.2
remediation     0.0
relevance       0.3
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.