2 matches found
CVE-2022-0478
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the postauthorgutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection...
WordPress plugin WooCommerce SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. SQL injection vulnerability exists in versions of...