Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.7 views

CVE-2021-24846

The getquery function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by...

8.8CVSS7AI score0.01318EPSS
Exploits2References1
OSV
OSV
added 2021/12/21 9:15 a.m.3 views

CVE-2021-24846

The getquery function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by...

8.8CVSS5.8AI score0.01318EPSS
Exploits2References1
CVE
CVE
added 2021/12/21 8:45 a.m.47 views

CVE-2021-24846

The CVE-2021-24846 issue affects the WordPress plugin Ni WooCommerce Custom Order Status (versions before 1.9.7). The get_query() function does not properly sanitize the sort parameter before using it in a SQL statement via the niwoocos_ajax action, enabling SQL injection. Impact described across...

8.8CVSS8.7AI score0.01318EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/12/21 8:45 a.m.18 views

CVE-2021-24846 Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection

The getquery function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by...

8.9AI score0.01318EPSS
Exploits2References1
Rows per page
Query Builder