exploitDog

CVE-2022-4547

Опубликовано: 16 янв. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin.

Ссылки

https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/
Broken Link
https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99
Exploit
Third Party Advisory
https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/
Broken Link
https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thedotstore:conditional_payment_methods_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 1.0.0 (включая)

EPSS

Процентиль: 74%

0.00797

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-fxp5-2pjw-x9j4

CVSS3: 7.2

github

около 3 лет назад

The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin.

EPSS

Процентиль: 74%

0.00797

Низкий

7.2 High

CVSS3

Дефекты

CWE-89