CVE-2025-47537

WordPress PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 5.3.8 - SQL Injection Vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows SQL Injection. This issue affects PDF Invoices for WooCommerce + Drag and Drop Template Builder: from n/a through 5.3.8.

Remediation

Solution:

Update the WordPress PDF Invoices for WooCommerce + Drag and Drop Template Builder plugin to the latest available version (at least 5.4.0).

References

Link	Tags
https://patchstack.com/database/wordpress/plugin/pdf-for-woocommerce/vulnerability/wordpress-pdf-invoices-for-woocommerce-drag-and-drop-template-builder-5-3-8-sql-injection-vulnerability?_s_id=cve	vdb entry

Frequently Asked Questions

What is the severity of CVE-2025-47537?: CVE-2025-47537 has been scored as a high severity vulnerability.
How to fix CVE-2025-47537?: To fix CVE-2025-47537: Update the WordPress PDF Invoices for WooCommerce + Drag and Drop Template Builder plugin to the latest available version (at least 5.4.0).
Is CVE-2025-47537 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-47537 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-47537?: CVE-2025-47537 affects add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder.

Description

Remediation

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions