Unauthenticated SQL Injection Vulnerability in Piraeus Bank WooCommerce Payment Gateway Plugin
CVE-2024-0610

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Piraeus Bank WooCommerce Payment Gateway
Vendor: CVE Published:; 17 February 2024

What is CVE-2024-0610?

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is subject to a time-based blind SQL injection vulnerability. This issue arises from inadequate escaping of user-supplied parameters, particularly the 'MerchantReference' parameter. Versions of the plugin up to and including 1.6.5.1 lack sufficient preparation for the SQL queries, allowing unauthenticated attackers to inject additional SQL statements. Consequently, this could lead to the unauthorized extraction of sensitive data from the database, posing significant risks to data integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Piraeus Bank WooCommerce Payment Gateway * <= 1.6.5.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2024
Vulnerability Reserved
Jan 16, 2024

Credit

Francesco Carlucci

JSON

WordPress

What is CVE-2024-0610?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.