Lucene search
Ni Woocommerce Custom Order Status Security Vulnerabilities
cve
The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable b...
8.8CVSS
8.7AI Score
0.001EPSS
2021-12-21 09:15 AM
21