WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
CVE-2022-30998

9.1CRITICAL

Key Information:

Vendor: Wordpress
Status: Homepage Product Organizer For WooCommerce (WordPress Plugin)
Vendor: CVE Published:; 22 July 2022

Summary

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.

Affected Version(s)

Homepage Product Organizer for WooCommerce (WordPress plugin) <= 1.1 <= 1.1

References

https://wordpress.org/plugins/homepage-product-organizer-...

x_refsource_CONFIRM

https://patchstack.com/database/vulnerability/homepage-pr...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 22, 2022
Vulnerability Reserved
Jun 30, 2022

Credit

Vulnerability discovered by Lenon Leite (Patchstack Alliance)