SQL Injection Vulnerability in WooCommerce Plugins of WordPress
Components Affected
✻ WordPress WooCommerce Plugin version 3.3 to 5.5
✻ WordPress WooCommerce Block version 2.5 to 5.5
Overview
A vulnerability has been identified in the WooCommerce plugin of WordPress which could allow an attacker to perform SQL injection attacks on a targeted system.
Description
This vulnerability exists in the WooCommerce plugin due to the improper injection of search parameters into a SQL query by a webhook search function. An attacker could exploit this vulnerability just by entering especially crafted SQL queries on the targeted system.
Successful exploitation of this vulnerability could allow an attacker to perform SQL injections and access sensitive information on the targeted system.
Impact
✻ Expose sensitive information
✻ Service disruption
Solution/ Workarounds
Apply the relevant update as mentioned in the WooCommerce advisory
Reference
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.
-
The decision we make today on cyber security will determine the security of the society in which we live tomorrow.
Total Users : 200883Designed and Developed by Procons Infotech