logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Woocommerce 3.3 to 5.5 - Authenticated SQL Injection

Description

The plugin was reported to be affected by a critical Authenticated SQL Injection vulnerability.

Proof of Concept

The PoC will be displayed on July 29, 2021, to give users the time to update.

Affects Plugins

woocommerce

Fixed in version 5.5.1

References

URL

https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/

URL

https://twitter.com/WooCommerce/status/1415442447312764931

URL

https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/

URL

https://noc.org/2021/07/15/serious-sqli-in-woocommerce/

URL

https://blog.wpscan.com/critical-woocommerce-vulnerabilities/

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Josh (jl-dos)

Verified

No

WPVDB ID

1212fec8-1fde-41e5-af70-abdd7ffe5379

Timeline

Publicly Published

2021-07-15 (about 10 days ago)

Added

2021-07-15 (about 10 days ago)

Last Updated

2021-07-19 (about 6 days ago)

Our Other Services

WPScan WordPress Security Plugin