WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection

Description

The plugin was reported to be affected by a critical Unauthenticated SQL Injection vulnerability.

Affects Plugins

woo-gutenberg-products-block
Fixed in version 5.5.1

References

CVE
CVE-2021-32789
URL
https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
URL
https://twitter.com/WooCommerce/status/1415442447312764931
URL
https://noc.org/2021/07/15/serious-sqli-in-woocommerce/
URL
https://blog.wpscan.com/critical-woocommerce-vulnerabilities/
URL
https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Josh (jl-dos)

Verified

No

WPVDB ID
0f2089dc-9376-4d7d-95a2-25c99526804a

Timeline

Publicly Published

2021-07-15 (about 11 months ago)

Added

2021-07-15 (about 11 months ago)

Last Updated

2022-04-12 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin