CVE-2025-22533

High

Published: 07 January 2025

Published

07 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.6 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

EPSS Score 0.0006 17.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bulktheme WOOEXIM wooexim allows SQL Injection.This issue affects WOOEXIM: from n/a through <= 5.0.0.

Security Summary

CVE-2025-22533 is an improper neutralization of special elements used in an SQL command, resulting in a SQL injection vulnerability (CWE-89), affecting the WOOEXIM WordPress plugin developed by bulktheme. The issue impacts all versions of WOOEXIM from unknown initial versions through 5.0.0 inclusive. Published on 2025-01-07, it carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L).

High-privileged users, such as those with administrative access, can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Successful exploitation enables high-impact confidentiality violations, such as unauthorized access to sensitive database information, alongside low availability disruption and changed scope, though integrity remains unaffected.

Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/wooexim/vulnerability/wordpress-wooexim-plugin-5-0-0-sql-injection-vulnerability?_s_id=cve.

Details

CWE(s): CWE-89

References

https://patchstack.com/database/Wordpress/Plugin/wooexim/vulnerability/wordpress-wooexim-plugin-5-0-0-sql-injection-vulnerability?_s_id=cve
audit@patchstack.com