CVE-2025-32119: 
WordPress vulnerability analysis and mitigation

The CVE-2025-32119 is a SQL Injection vulnerability affecting CardGate Payments for WooCommerce plugin versions through 3.2.1. The vulnerability was discovered and disclosed on April 7, 2025, by João Pedro Soares de Alcântara. This security flaw allows for Blind SQL Injection in the CardGate Payments for WooCommerce plugin (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) with a CVSS v3.1 Base Score of 8.2 (HIGH). The attack vector is characterized as Network (AV:N), with Low attack complexity (AC:L), requiring No privileges (PR:N), User interaction required (UI:R), and having a Changed scope (S:C). The impact includes High confidentiality impact (C:H), No integrity impact (I:N), and Low availability impact (A:L) (NVD).

The vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information. The high CVSS score of 8.2 indicates a significant security risk, particularly concerning data confidentiality (Patchstack).

The vulnerability has been patched in version 3.2.2 of the CardGate Payments for WooCommerce plugin. Users are advised to update to version 3.2.2 or later to remove the vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).