Lucene search
WPScanCVELIST:CVE-2021-24846HistoryDec 21, 2021 - 8:45 a.m.
CVE-2021-24846 Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
2021-12-2108:45:31
CWE-89
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
37.8%
The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber
CNA Affected
[
{
"product": "Ni WooCommerce Custom Order Status",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.9.7",
"status": "affected",
"version": "1.9.7",
"versionType": "custom"
}
]
}
]Related
prion
prion
Sql injection
2021-12-21 09:15:00
cve
cve
CVE-2021-24846
2021-12-21 09:15:07
wpvulndb
wpvulndb
Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
2021-11-22 00:00:00
patchstack
patchstack
wpexploit
wpexploit
Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
2021-11-22 00:00:00
cnvd
cnvd
nvd
nvd
CVE-2021-24846
2021-12-21 09:15:07