CVE-2022-4547

🗓️ 16 Jan 2023 15:37:50Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

The Conditional Payment Methods for WooCommerce plugin through 1.0 allows SQL injection

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2022-4547	16 Jan 202318:24	–	circl
CNNVD	WordPress plugin WooCommerce SQL注入漏洞	16 Jan 202300:00	–	cnnvd
Cvelist	CVE-2022-4547 Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi	16 Jan 202315:37	–	cvelist
EUVD	EUVD-2022-51882	3 Oct 202520:07	–	euvd
NVD	CVE-2022-4547	16 Jan 202316:15	–	nvd
Prion	Sql injection	16 Jan 202316:15	–	prion
Positive Technologies	PT-2023-14678 · WordPress · Conditional Payment Methods For Woocommerce	16 Jan 202300:00	–	ptsecurity
RedhatCVE	CVE-2022-4547	22 May 202522:50	–	redhatcve
Vulnrichment	CVE-2022-4547 Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi	16 Jan 202315:37	–	vulnrichment
wpexploit	Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi	24 Dec 202200:00	–	wpexploit

NVD

Vulners

Node

thedotstore conditional_payment_methods_for_woocommerceRange≤1.0.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "Conditional Payment Methods for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
bulletin	www.bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/
wpscan	www.wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99

Parameter	Position	Path	Description	CWE
orderby	query param	/wp-admin/admin.php?page=wcpma-payment-settings&action=wcpma_view_list&orderby=1+AND+(SELECT+7394+FROM+(SELECT(SLEEP(5)))UrUZ)	SQL injection via an unsanitised parameter in a SQL statement allowing privilege abuse/execution of arbitrary SQL.	CWE-89

04 Apr 2025 19:15Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.2

EPSS0.00587

SSVC

CWE-89