exploitDog

CVE-2022-4118

Опубликовано: 08 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users

Ссылки

https://wpscan.com/vulnerability/2839ff82-7d37-4392-8fa3-d490680d42c4
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/2839ff82-7d37-4392-8fa3-d490680d42c4
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:coinmarketstats:bitcoin_\/_altcoin_payment_gateway_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 1.7.1 (включая)

EPSS

Процентиль: 67%

0.00538

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-qrhc-83j2-vphf

CVSS3: 9.8

github

больше 2 лет назад

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users

EPSS

Процентиль: 67%

0.00538

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89