Lucene search

K
patchstackArvandyPATCHSTACK:2D22B9315E8D862A700074908F99DED4
HistoryJun 22, 2023 - 12:00 a.m.

WordPress Afterpay Gateway for WooCommerce Plugin < 1.12.4 is vulnerable to SQL Injection

2023-06-2200:00:00
Arvandy
patchstack.com
1
wordpress
afterpay gateway
woocommerce
sql injection
vulnerable version
cve-2023-2744
low severity

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

Software

Afterpay Gateway for WooCommerce

Type

Plugin

Vulnerable versions

< 1.12.4

Fixed in

1.12.4

OWASP Top 10

A1: Injection

Classification

SQL Injection

CVE

CVE-2023-2744

Patch priority

Low

CVSS severity

Low (7.6)

Developer

Claim ownership

PSID

d0e7ba2b77fa

Credits

Arvandy

Required privilege

Administrator

Published

22 June, 2023

Vulnerability details

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
afterpayafterpay_gateway_for_woocommerceRange<1.12.4wordpress
VendorProductVersionCPE
afterpayafterpay_gateway_for_woocommerce*cpe:2.3:a:afterpay:afterpay_gateway_for_woocommerce:*:*:*:*:*:wordpress:*:*

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

Related for PATCHSTACK:2D22B9315E8D862A700074908F99DED4