CVE-2021-32789 Scanner
Detects the SQL injection vulnerability in the Gutenberg Blocks plugin for WooCommerce, which affects versions from 2.5.0 up to, but not including, 2.5.16.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
The Gutenberg Blocks plugin for WooCommerce is a feature that provides a seamless experience for e-commerce store owners. It lets store owners easily create custom product layouts, including arranging product images, descriptions, prices, and more. It removes the need for tedious coding and allows store owners to build their store quickly and easily. With the Gutenberg Blocks plugin, a store owner can create a website that is visually appealing, responsive, and functional in less time.
CVE-2021-32789 is a security vulnerability in the Gutenberg Blocks plugin. It impacts all WooCommerce sites running plugin versions from 2.5.0 up to, but not including, 2.5.16. It is an SQL injection vulnerability that could allow an attacker to execute a read-only SQL query through the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint. This is a serious vulnerability because it could allow an attacker to extract sensitive information from an e-commerce site without being detected.
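For site owners reviewing web server logs, the following added example (not part of the original page or the scanner's own code) flags requests to the endpoint above whose taxonomy parameter is not a plain slug. The slug allowlist, the `/wp-json/` prefix in the sample lines, and the log lines themselves are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "wc/store/products/collection-data"  # endpoint named on this page
# Parameter named on this page; the first bracket pair may hold an index.
PARAM_RE = re.compile(r"^calculate_attribute_counts\[[^\]]*\]\[taxonomy\]$")
# Assumption: legitimate taxonomy names are lowercase WordPress-style keys.
SLUG_RE = re.compile(r"^[a-z0-9_-]{1,64}$")
# Request field of a common/combined access-log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so nested encoding cannot hide characters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_taxonomy_values(log_line):
    """Return decoded taxonomy values in this request that are not plain slugs."""
    match = REQUEST_RE.search(log_line)
    if not match or ENDPOINT not in fully_decode(match.group(1)):
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if PARAM_RE.match(fully_decode(name)):
            value = fully_decode(value)
            if not SLUG_RE.match(value):
                hits.append(value)
    return hits

# Constructed sample lines (documentation IP range), not taken from a real site.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Jul/2021:10:00:01 +0000] "GET /wp-json/wc/store/products/'
    'collection-data?calculate_attribute_counts[0][taxonomy]=pa_color HTTP/1.1" 200 312',
    '203.0.113.9 - - [15/Jul/2021:10:00:07 +0000] "GET /wp-json/wc/store/products/'
    'collection-data?calculate_attribute_counts%5B%5D%5Btaxonomy%5D=pa_color%2527%2520x'
    ' HTTP/1.1" 200 298',
    '203.0.113.5 - - [15/Jul/2021:10:00:09 +0000] "GET /wp-json/wc/store/products'
    '?per_page=10 HTTP/1.1" 200 4521',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for value in suspicious_taxonomy_values(line):
            print("review:", line.split()[0], repr(value))
```

A hit is a prompt for review rather than proof of compromise; widen `SLUG_RE` if the store uses taxonomy names outside that character set.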
If exploited, the CVE-2021-32789 vulnerability could lead to the exposure of sensitive information like customer names, addresses, and payment information. An attacker could leverage this information for identity theft, credit card fraud, or other harmful purposes. The sensitive information could also be sold on the dark web to other attackers who could use it for more advanced attacks. Ultimately, an attacker could cause harm to both the e-commerce store owner and the customers.
Thanks to the pro features of the s4e.io platform, those who are reading this article can easily and quickly learn about vulnerabilities that may be present in their digital assets. With s4e.io, it is easy to detect, analyze, and remediate vulnerabilities before they become a problem. Store owners can relax knowing their website is safe and secure from potential attackers. Sign up for s4e.io today, and be confident in the security of your digital assets.
REFERENCES
- https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1
- https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp
- https://hackerone.com/reports/1260787
- https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
- https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/