How to fix CVE-2025-23967?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Is PHP affected by CVE-2025-23967?

CVE-2025-23967 presents critical security risk, a SQL injection vulnerability rated CVSS 9.3. Successful exploitation could allow attackers to execute arbitrary code or commands on affected systems, potentially leading to full system compromise.

CVE-2025-23967

EUVD-2025-19318 CRITICAL

2025-06-27 [email protected]

WordPress SQLi PHP

9.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 00:16 euvd

EUVD-2025-19318

Analysis Generated

Mar 16, 2026 - 00:16 vuln.today

CVE Published

Jun 27, 2025 - 12:15 nvd

CRITICAL 9.3

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpopal GG Bought Together for WooCommerce allows SQL Injection. This issue affects GG Bought Together for WooCommerce: from n/a through 1.0.2.

AnalysisAI

Technical ContextAI

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

RemediationAI

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

CVE-2025-23967 vulnerability details – vuln.today

Back

CVE-2025-23967

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code