9 matches found
CVE-2025-14770
The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-0678
The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-14770 Shipping Rate By Cities <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter
The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-0678
The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-0678 Shipping Rates by City for WooCommerce <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter
The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-0678
The CVE-2026-0678 affects the WordPress plugin 'Shipping Rate By Cities' (Shipping Rates by City for WooCommerce). It is a time-based SQL Injection in the cities parameter for all versions up to 1.0.3 due to insufficient escaping and lack of proper query preparation. Exploitation requires Shop Ma...
CVE-2026-0678 Shipping Rates by City for WooCommerce <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter
The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
PT-2026-2829
The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
WordPress plugin Flat Shipping Rate by City for WooCommerce SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress Flat Shipping Rate by City for WooCommerce plugin, which stems from insufficient cleaning and escaping of the cities...