Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

Short Info

Level

High

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

19 days 12 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections.

References:

https://wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba/
https://nvd.nist.gov/vuln/detail/CVE-2022-0783

Remediation:
Update the Multiple Shipping Address Woocommerce plugin to version 2.0 or later.

Get started to protecting your digital assets

Start trial See the plans

Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

Short Info

-

Detail

Category