Descrição
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-32789
Tags
Nâo informado
Data de publicação
26/07/2021
Última atualização
24/02/2022
Pontuação em CVSS 3.0
7.5
Alto