WordPress Plugin Vulnerabilities
Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi
Description
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author.
Proof of Concept
Affects Plugins
Fixed in 1.7.2 References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Donato Di Pasquale & Francesco Marano
Submitter
Donato Di Pasquale & Francesco Marano
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-12-09 (about 3 years ago)
Added
2022-12-09 (about 3 years ago)
Last Updated
2022-12-09 (about 3 years ago)
WPScan 