SQL Injection Vulnerability in WooCommerce Plugins of WordPress

Languages: English. Risk Level: High.

Components Affected

✻ WordPress WooCommerce Plugin version 3.3 to 5.5

✻ WordPress WooCommerce Block version 2.5 to 5.5


A vulnerability has been identified in the WooCommerce plugin of WordPress which could allow an attacker to perform SQL injection attacks on a targeted system.


This vulnerability exists in the WooCommerce plugin due to the improper injection of search parameters into a SQL query by a webhook search function. An attacker could exploit this vulnerability just by entering especially crafted SQL queries on the targeted system.

Successful exploitation of this vulnerability could allow an attacker to perform SQL injections and access sensitive information on the targeted system.


✻ Expose sensitive information

✻ Service disruption

Solution/ Workarounds

Apply the relevant update as mentioned in the WooCommerce advisory



The information provided herein is on an “as is” basis, without warranty of any kind.