CVE-2024-0610

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

WordPress Piraeus Bank WooCommerce Payment Gateway Plugin <= 1.6.5.1 is vulnerable to SQL Injection

Software Piraeus Bank WooCommerce Payment Gateway Type Plugin Vulnerable versions = 1.6.5.1 Fixed in 1.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0610 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2c176142924a Credits Francesco Carlucci...

CVE-2024-0610

creationtimestamp| type| source ---|---|--- 2024-02-17 09:21:38+00:00| seen| https://t.me/ctinow/186827 2024-02-17 09:26:21+00:00| seen| https://t.me/ctinow/186838 2024-03-08 09:51:56+00:00| seen| https://t.me/ctinow/203184...

CVE-2024-0610 Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2024-0610

The CVE-2024-0610 entry concerns the Piraeus Bank WooCommerce Payment Gateway for WordPress. A time-based blind SQL Injection exists in the MerchantReference parameter across all versions up to and including 1.6.5.1, caused by insufficient escaping of user input and inadequate preparation of the ...