Skip to main content

Lumise Product Designer

1 CVEs product

Monthly

CVE-2026-25371 CRITICAL Act Now

A blind SQL injection vulnerability exists in King-Theme's Lumise Product Designer WordPress plugin, allowing unauthenticated attackers to extract sensitive data through time-based or boolean-based SQL inference techniques without direct query result visibility. The vulnerability affects all versions of Lumise Product Designer prior to 2.0.9. Attackers can exploit this to bypass authentication, enumerate database schemas, or extract user credentials and plugin configuration data.

SQLi Lumise Product Designer
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
EPSS 0% CVSS 9.3
CRITICAL Act Now

A blind SQL injection vulnerability exists in King-Theme's Lumise Product Designer WordPress plugin, allowing unauthenticated attackers to extract sensitive data through time-based or boolean-based SQL inference techniques without direct query result visibility. The vulnerability affects all versions of Lumise Product Designer prior to 2.0.9. Attackers can exploit this to bypass authentication, enumerate database schemas, or extract user credentials and plugin configuration data.

SQLi Lumise Product Designer
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy