RSS   Vulnerabilities for
'Ni woocommerce custom order status'
   RSS

2021-12-21
 
CVE-2021-24846

CWE-89
 

 
The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber

 


Copyright 2024, cxsecurity.com

 

Back to Top