exploitDog

GHSA-h4pp-rf9h-q3cg

Опубликовано: 10 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection

Ссылки

EPSS

Процентиль: 98%

0.6652

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-0948

CVSS3: 9.8

nvd

больше 3 лет назад

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection

EPSS

Процентиль: 98%

0.6652

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89