MidnightBSD

Advisories for ubigeo_de_peru_para_woocommerce_project

CVE-2022-0814 HIGH

The Ubigeo de PerĂº para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
ubigeo_de_peru_para_woocommerce_project ubigeo_de_peru_para_woocommerce *