CVE-2021-24402

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...

CVE-2021-24402

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...

Sql injection

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...

CVE-2021-24402

The CVE-2021-24402 refers to the WordPress WP iCommerce plugin (versions up to 1.1.1). The Orders feature exposes an order_id parameter that is not sanitised, escaped or validated before being inserted into an SQL statement, enabling SQL injection. The vulnerability requires at least authenticate...

WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection

The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors PoC GET...