exploitDog

CVE-2024-0399

Опубликовано: 15 апр. 2024

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

Ссылки

https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:*

Версия до 29.7 (исключая)

EPSS

Процентиль: 83%

0.02012

Низкий

8.1 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-fqrj-wwq6-q94w

CVSS3: 8.1

github

почти 2 года назад

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

EPSS

Процентиль: 83%

0.02012

Низкий

8.1 High

CVSS3

Дефекты

CWE-89