2 matches found
CVE-2022-0814 Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections...
CVE-2022-0814
CVE-2022-0814 describes a SQL injection vulnerability in the Ubigeo de Perú for Woocommerce WordPress plugin prior to version 3.6.4. The issue arises from improper sanitisation/escaping of parameters in AJAX actions, some accessible without authentication, enabling unauthenticated SQL injection. ...