CVE-2025-22710

HIGH

StoreApps Smart Manager <8.52.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-22710. PoCs published by DoTTak.

AI-analyzed exploit summary: This repository contains a working PoC for CVE-2025-22710, an SQL Injection vulnerability in the WooCommerce Advanced Bulk Edit plugin (Smart Manager) <= 8.50.0. The exploit demonstrates blind SQLi via the advanced search function, allowing attackers to execute arbitrary SQL queries.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce allows Blind SQL Injection. This issue affects Smart Manager: from n/a through <= 8.52.0.

Exploits (1)

nomisec · WORKING POC · 2 stars
by DoTTak · poc
https://github.com/DoTTak/CVE-2025-22710


Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WooCommerce Advanced Bulk Edit (Smart Manager) <= 8.50.0
Auth required
Prerequisites: WordPress site with vulnerable plugin installed · Administrator credentials
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 7.6
EPSS: 0.0080
EPSS Percentile: 51.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (2):
StoreApps/Smart Manager < 8.52.0
storeapps/Smart Manager < 8.52.0
Published: Jan 21, 2025
Tracked Since: Feb 18, 2026