The vulnerability CVE-2025-69337 affects don-themes Wolmart Core versions up to 1.9.6 and is caused by improper neutralization of special elements in SQL commands, leading to Blind SQL Injection. This allows remote attackers to extract sensitive information from the database without authentication or user interaction. The CVSS 3.1 vector indicates the attack can be performed remotely over the network with low complexity and no privileges, resulting in a confidentiality breach and partial availability impact. No vendor advisory or patch information is currently provided, and no exploits are known in the wild.

An attacker can exploit this vulnerability remotely without authentication to perform Blind SQL Injection attacks, potentially extracting sensitive data from the backend database. The confidentiality impact is high, meaning sensitive information could be disclosed. The availability impact is low, indicating some disruption is possible but not complete denial of service. There is no integrity impact reported. No known exploits have been observed in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should monitor vendor communications for updates. Applying web application firewalls (WAF) with SQL injection detection rules may provide temporary mitigation. Avoid exposing vulnerable endpoints publicly if possible.