CVE-2025-22639

{"id": "CVE-2025-22639", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.1}]}, "published": "2025-02-18T20:15:26.010", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/distance-rate-shipping-for-woocommerce-pro/vulnerability/wordpress-distance-rate-shipping-for-woocommerce-plugin-1-3-4-sql-injection-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Distance Rate Shipping for WooCommerce allows Blind SQL Injection. This issue affects Distance Rate Shipping for WooCommerce: from n/a through 1.3.4."}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando SQL ('inyecci\u00f3n SQL') vulnerabilidad en NotFound Distance Rate Shipping for WooCommerce permite Blind SQL inyecci\u00f3n. Este problema afecta el env\u00edo de la tasa de distancia para WooCommerce: desde N/A hasta 1.3.4."}], "lastModified": "2025-02-18T20:15:26.010", "sourceIdentifier": "audit@patchstack.com"}