WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
Software: Homepage Product Organizer for WooCommerce
Vulnerable versions: <= 1.1
PSID: dba7dc99c693
Classification: SQL Injection
OWASP Top 10: A1: Injection
Required privilege: Requires subscriber or higher role user authentication.
Publicly disclosed: 2022-07-19
Patchstack vPatch available since: 09.12.2021
Details
Multiple Authenticated SQL Injection (SQLi) vulnerabilities were discovered by Lenon Leite (Patchstack Alliance) in the WordPress Homepage Product Organizer for WooCommerce plugin (versions <= 1.1).
Solution
No patched version is available. We were unable to contact the vendor.