Lucene search

PatchstackCVELIST:CVE-2023-35879

HistoryOct 31, 2023 - 2:20 p.m.

CVE-2023-35879 WordPress WooCommerce Product Vendors Plugin <= 2.1.78 is vulnerable to SQL Injection

2023-10-3114:20:22

CWE-89

Patchstack

www.cve.org

wordpress

woocommerce

product vendors

sql injection

cve-2023-35879

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.2%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Product Vendors",
    "vendor": "WooCommerce",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.79",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.78",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-78-shop-manager-sql-injection-vulnerability?_s_id=cve