CVE-2024-43132

2024-08-2915:15:28

CWE-89

[email protected]

web.nvd.nist.gov

cve-2024-43132

sql injection

wpweb elite docket

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.

Affected configurations

Nvd

Node

wpwebelitedocketRange<1.7.0wordpress

VendorProductVersionCPE
wpwebelitedocket*cpe:2.3:a:wpwebelite:docket:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpwebelite	docket	*	cpe:2.3:a:wpwebelite:docket::::::wordpress::*

References

patchstack.com/database/vulnerability/woocommerce-collections/wordpress-docket-woocommerce-collections-wishlist-watchlist-plugin-1-6-6-unauthenticated-sql-injection-vulnerability?_s_id=cve