CNVD-2022-67548 (China National Vulnerability Database)
May 10, 2022 - 12:00 a.m.

WordPress Order Listener for WooCommerce plugin SQL injection vulnerability

2022-05-10 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

EPSS: 0.041 (Low), percentile: 92.2%

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A SQL injection vulnerability exists in versions of the WordPress Order Listener for WooCommerce plugin prior to 3.2.2. It stems from a REST route that is available to arbitrary users: the id parameter passed in the route is not sanitized and escaped before it is concatenated into the SQL statement. An attacker could exploit this vulnerability to perform SQL injection.
