WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
CVSS 3.1 score
Not reported to be exploited
Homepage Product Organizer for WooCommerce
OWASP Top 10
Requires subscriber or higher role user authentication.
Patchstack vPatch available since
Multiple Authenticated SQL Injection (SQLi) vulnerabilities were discovered by Lenon Leite (Patchstack Alliance) in the WordPress Homepage Product Organizer for WooCommerce plugin (versions <= 1.1).
No patched version is available. We were unable to contact the vendor.