Lucene search

K
cvelistWPScanCVELIST:CVE-2022-0814
HistoryMay 09, 2022 - 4:50 p.m.

CVE-2022-0814 Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi

2022-05-0916:50:32
CWE-89
WPScan
www.cve.org
1
cve-2022-0814
ubigeo de peru
woocommerce
sql injection
wordpress plugin

EPSS

0.04

Percentile

92.1%

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections

CNA Affected

[
  {
    "product": "Ubigeo de Perú para Woocommerce y WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.6.4",
        "status": "affected",
        "version": "3.6.4",
        "versionType": "custom"
      }
    ]
  }
]

EPSS

0.04

Percentile

92.1%