CVE-2022-0948 Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi

2022-05-0916:50:41

CWE-89

WPScan

www.cve.org

0.041 Low

EPSS

Percentile

92.2%

JSON

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection

CNA Affected

[
  {
    "product": "Order Listener for WooCommerce – Play Sounds Instantly on New Orders",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.2.2",
        "status": "affected",
        "version": "3.2.2",
        "versionType": "custom"
      }
    ]
  }
]