The plugin does not properly sanitise and escape some parameters before using them in SQL statements, leading to SQL injection exploitable by any authenticated user (such as a subscriber).

| CPE | Name | Operator | Version |
|---|---|---|---|
| | homepage-product-organizer-for-woocommerce | eq | * |