China National Vulnerability Database: CNVD-2021-102792
Dec 26, 2021 - 12:00 a.m.

WordPress Ni WooCommerce Custom Order Status plugin SQL injection vulnerability

China National Vulnerability Database
www.cnvd.org.cn
wordpress
woocommerce
custom order status
sql injection
php
mysql
validation
external input
sql statements
get query() function
illegal commands
sensitive data
security vulnerability

EPSS

0.001

Percentile

37.7%

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up personal blog sites on servers running PHP and MySQL.

A SQL injection vulnerability exists in the WordPress Ni WooCommerce Custom Order Status plugin. It stems from the get query() function not validating externally supplied input used in SQL statements. An attacker could exploit this vulnerability to execute illegal SQL commands and steal sensitive data from the database.