logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection

Description

The plugin was reported to be affected by a critical Unauthenticated SQL Injection vulnerability.

Affects Plugins

woo-gutenberg-products-block

Fixed in version 5.5.1

References

CVE

CVE-2021-32789

URL

https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/

URL

https://twitter.com/WooCommerce/status/1415442447312764931

URL

https://noc.org/2021/07/15/serious-sqli-in-woocommerce/

URL

https://blog.wpscan.com/critical-woocommerce-vulnerabilities/

URL

https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Josh (jl-dos)

Verified

No

WPVDB ID

0f2089dc-9376-4d7d-95a2-25c99526804a

Timeline

Publicly Published

2021-07-15 (about 3 months ago)

Added

2021-07-15 (about 3 months ago)

Last Updated

2021-07-30 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin