CVE-2025-67945

CRITICAL 9.3

WordPress MailerLite – WooCommerce integration plugin <= 3.1.2 - SQL Injection vulnerability

CVSS Score

9.3

EPSS Score

0.0%

EPSS Percentile

0th

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce integration: from n/a through <= 3.1.2.

CWE	CWE-89
Vendor	mailerlite
Product	mailerlite – woocommerce integration
Published	Jan 22, 2026
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for mailerlite mailerlite – woocommerce integration

Be the first to know when new critical vulnerabilities affecting mailerlite mailerlite – woocommerce integration are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MailerLite / MailerLite – WooCommerce integration

0 ≤ 3.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

patchstack.com: https://patchstack.com/database/Wordpress/Plugin/woo-mailerlite/vulnerability/wordpress-mailerlite-woocommerce-integration-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve

Credits

NumeX | Patchstack Bug Bounty Program