Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Network-reachable WordPress endpoint, only Subscriber auth required (PR:L), no user interaction; SQLi reaches shared DB (S:C) yielding high confidentiality, no integrity per advisory, low availability.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
Subscriber SQL Injection in WooCommerce Frontend Manager - Ultimate < 6.7.7 versions.
AnalysisAI
SQL injection in the WooCommerce Frontend Manager - Ultimate WordPress plugin (versions prior to 6.7.7) allows authenticated subscriber-level users to inject SQL via plugin-handled input, exposing database contents and enabling limited data tampering on affected WooCommerce sites. The CVSS 8.5 rating reflects a scope change reaching the underlying database with high confidentiality impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must hold a valid WordPress Subscriber-level (or higher) account on a site running WooCommerce Frontend Manager - Ultimate at version 6.7.6 or earlier; on default WooCommerce installations this is satisfied by self-registration through the My Account page or checkout flow. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L) indicates a network-reachable, low-complexity attack that only requires a Subscriber account - trivial to obtain on any WooCommerce store that allows customer registration, which is the default. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker self-registers a free Subscriber account on a target WooCommerce shop running WC Frontend Manager - Ultimate <= 6.7.6, authenticates, and sends a crafted request to a plugin-handled endpoint with a SQL payload in a parameter that is interpolated into a database query. Because the scope is Changed and impact reaches the shared WordPress database, the attacker exfiltrates wp_users password hashes, secret_key values from wp_options, and customer PII from WooCommerce order tables. … |
| Remediation | Patch available per vendor advisory - upgrade the WooCommerce Frontend Manager - Ultimate plugin to version 6.7.7 or later via the WordPress admin Plugins screen or by replacing the plugin directory from WC Lovers, then verify the running version under Plugins > Installed Plugins; see the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wc-frontend-manager-ultimate/vulnerability/wordpress-woocommerce-frontend-manager-ultimate-plugin-6-7-6-sql-injection-vulnerability for confirmation. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all WordPress instances running WooCommerce Frontend Manager; document installed versions and disable the plugin if operationally feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37657