Lucene search
China National Vulnerability DatabaseCNVD-2021-102792HistoryDec 26, 2021 - 12:00 a.m.
WordPress Ni WooCommerce Custom Order Status plugin SQL injection vulnerability
2021-12-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.001 Low
EPSS
Percentile
37.8%
WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.A SQL injection vulnerability exists in the WordPress Ni WooCommerce Custom Order Status plugin, which stems from the lack of validation of external input SQL statements by the get query() function. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress ni woocommerce custom order status plugin | lt | 1.9.7 |
Related
prion
prion
Sql injection
2021-12-21 09:15:00
cve
cve
CVE-2021-24846
2021-12-21 09:15:07
cvelist
cvelist
wpvulndb
wpvulndb
Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
2021-11-22 00:00:00
patchstack
patchstack
wpexploit
wpexploit
Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
2021-11-22 00:00:00
nvd
nvd
CVE-2021-24846
2021-12-21 09:15:07