WordPress WooCommerce plugin <= 5.5.0 - Unauthenticated SQL Injection (SQLi) vulnerability - Patchstack

Vulnerability Database

WordPress WooCommerce plugin <= 5.5.0 - Unauthenticated SQL Injection (SQLi) vulnerability

woocommerce

Software

WooCommerce

Vulnerable Versions

<= 5.5.0

Fixed in version

5.5.1

CVE

CVE-N/A

References

Plugin changelog
Vulnerability details

Credits

Classification

SQL Injection

OWASP Top 10

A1: Injection

Disclosure Date

2021-07-15

CVSS 3.0 score

8.2

High

Are your websites subject to this vulnerability?

Details

Unauthenticated SQL Injection (SQLi) vulnerability discovered in WordPress WooCommerce plugin (versions <= 5.5.0).

Solution

Update the WordPress WooCommerce plugin to the latest available version (at least 5.5.1).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.