2 matches found
CVE-2021-24928 Rearrange Woocommerce Products < 3.0.8 - Subscriber+ SQL Injection
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the saveallorder AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to...
CVE-2021-24928
CVE-2021-24928 concerns the WordPress plugin “Rearrange Woocommerce Products” (versions before 3.0.8). The vulnerability arises from insufficient access controls in the save_all_order AJAX action and lack of validation/escaping for user input in SQL statements, enabling an authenticated user (e.g...