Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-102792
HistoryDec 26, 2021 - 12:00 a.m.

WordPress Ni WooCommerce Custom Order Status plugin SQL injection vulnerability

2021-12-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
7

0.001 Low

EPSS

Percentile

37.8%

WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.A SQL injection vulnerability exists in the WordPress Ni WooCommerce Custom Order Status plugin, which stems from the lack of validation of external input SQL statements by the get query() function. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.

0.001 Low

EPSS

Percentile

37.8%