exploitDog

CVE-2022-0783

Опубликовано: 02 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections

Ссылки

https://wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themehigh:multiple_shipping_addresses_for_woocommerce:*:*:*:*:*:*:*:*

Версия до 2.0.0 (исключая)

EPSS

Процентиль: 98%

0.51271

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-q9fq-g6mh-4mr2

CVSS3: 9.8

github

почти 4 года назад

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections

EPSS

Процентиль: 98%

0.51271

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89