patchstack
Dave Jong (Patchstack)
PATCHSTACK:FF7460387875523E210D1534E87952CB
Aug 07, 2024 - 12:00 a.m.

WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) Plugin < 1.7.0 is vulnerable to SQL Injection

2024-08-07 00:00:00
Dave Jong (Patchstack)
patchstack.com
wordpress
docket
woocommerce collections
wishlist
watchlist
plugin
vulnerable
sql injection
cve-2024-43132
patch
owasp top 10
unauthenticated

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

Software

Docket (WooCommerce Collections / Wishlist / Watchlist)

Type

Plugin

Vulnerable versions

< 1.7.0

Fixed in

1.7.0

OWASP Top 10

A3: Injection

Classification

SQL Injection

CVE

CVE-2024-43132

Patch priority

High

CVSS severity

High (9.3)

PSID

952a5b0e08da

Credits

Dave Jong (Patchstack)

Required privilege

Unauthenticated

Published

7 August, 2024

Remove and replace plugin

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners

Node
Vendor: -
Product: docket_\(woocommerce_collections_\/_wishlist_\/_watchlist\)
Range: < 1.7.0

Vendor: -
Product: docket_\(woocommerce_collections_\/_wishlist_\/_watchlist\)
Version: *
CPE: cpe:2.3:a:-:docket_\(woocommerce_collections_\/_wishlist_\/_watchlist\):*:*:*:*:*:*:*:*
