Vulnerability Description
The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thedotstore | Conditional Payment Methods For Woocommerce | <= 1.0.0 |
Related Weaknesses (CWE)
References
- https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/Broken Link
- https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99ExploitThird Party Advisory
- https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/Broken Link
- https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99ExploitThird Party Advisory
FAQ
What is CVE-2022-4547?
CVE-2022-4547 is a vulnerability with a CVSS score of 7.2 (HIGH). The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitabl...
How severe is CVE-2022-4547?
CVE-2022-4547 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4547?
Check the references section above for vendor advisories and patch information. Affected products include: Thedotstore Conditional Payment Methods For Woocommerce.