4 matches found
CVE-2021-24846
The getquery function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by...
CVE-2021-24846
The getquery function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by...
CVE-2021-24846
The CVE-2021-24846 issue affects the WordPress plugin Ni WooCommerce Custom Order Status (versions before 1.9.7). The get_query() function does not properly sanitize the sort parameter before using it in a SQL statement via the niwoocos_ajax action, enabling SQL injection. Impact described across...
CVE-2021-24846 Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
The getquery function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by...