SQL Injection Vulnerability in MultiLoca WooCommerce Inventory Management Plugin
CVE-2024-13341

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Multiloca - WooCommerce Multi Locations Inventory Management
Vendor: CVE Published:; 1 February 2025

Summary

The MultiLoca plugin for WooCommerce is affected by an SQL Injection vulnerability that allows authenticated users with Subscriber-level access or higher to exploit the 'data-id' parameter. Insufficient input validation and escaping practices in the SQL query can lead to unauthorized access to sensitive database information. This issue highlights the importance of robust security practices in plugin development to safeguard critical data.

Affected Version(s)

MultiLoca - WooCommerce Multi Locations Inventory Management * <= 4.1.11

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/woocommerce-multi-locations-i...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

Aiden