4 matches found
CVE-2022-0948
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection...
CVE-2022-0948
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection...
CVE-2022-0948 Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection...
CVE-2022-0948
The CVE describes a SQL injection in the WordPress Order Listener for WooCommerce plugin prior to version 3.2.2. The vulnerability arises because the id parameter is not sanitized/escaped before being used in a SQL statement via an unauthenticated REST route, potentially enabling an attacker to r...