Multiple Shipping Address Woocommerce < 2.0 - SQL Injection
The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements. The affected code is reached through some AJAX actions that are available to unauthenticated users, so the result is unauthenticated SQL injection.
References:
- https://wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0783
Remediation:
Update the Multiple Shipping Address Woocommerce plugin to version 2.0 or later.
Short Info
- Level: High
- Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 19 days 12 hours
- Scan only one: Domain, Subdomain, IPv4