CVE-2025-47682: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2025-47682) was discovered in SMS Alert Order Notifications – WooCommerce plugin, developed by Cozy Vision Technologies Pvt. Ltd. The vulnerability affects versions through 3.8.2 and was disclosed on May 8, 2025. This security issue allows unauthenticated attackers to perform SQL injection attacks against affected WordPress installations (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) with a CVSS v3.1 base score of 9.3 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). The issue is tracked as CWE-89 and requires no authentication to exploit (NVD, Patchstack).

This vulnerability is considered highly dangerous and expected to become mass exploited. It could allow malicious actors to directly interact with the database, potentially leading to unauthorized data access and theft. The high CVSS score of 9.3 indicates critical severity with significant potential impact (Patchstack).

Users are strongly advised to update to version 3.8.2 or later immediately. For temporary mitigation, Patchstack has issued a virtual patch to block potential attacks until the update can be applied (Patchstack).