CVE-2023-41685 WordPress Woocommerce Support System Plugin <= 1.2.1 is vulnerable to SQL Injection

2023-11-0608:17:56

CWE-89

Patchstack

github.com

wordpress

woocommerce support system

sql injection

vulnerability

AI Score

7.9

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ilghera:woocommerce_support_system:*:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "ilghera",
    "product": "woocommerce_support_system",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "1.2.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]