CVE-2025-31534: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability was discovered in shopperdotcom Shopper WordPress plugin affecting versions through 3.2.5. The vulnerability was disclosed on March 31, 2025, and assigned CVE-2025-31534. This unauthenticated SQL injection vulnerability allows attackers to interact directly with the underlying database (Patchstack).

The vulnerability is classified as a CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). It received a CVSS v3.1 score of 9.3 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L, indicating network accessibility, low attack complexity, and no required privileges (NVD).

The SQL injection vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information. The high CVSS score of 9.3 indicates critical severity with potential for significant data compromise (Patchstack).

Users are advised to immediately update to version 3.2.6 or later which contains the fix for this vulnerability. For Patchstack users, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).