Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections.


References:

Remediation:
Update the Multiple Shipping Address Woocommerce plugin to version 2.0 or later.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

19 days 12 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-
Get started to protecting your digital assets