SQL Injection Vulnerability in Advance Seat Reservation Management Plugin for WooCommerce
CVE-2024-13344
7.5HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 2 May 2025
What is CVE-2024-13344?
The Advance Seat Reservation Management for WooCommerce plugin for WordPress is susceptible to SQL Injection due to inadequate escaping of the 'profileId' parameter and insufficient preparation of SQL queries. This vulnerability allows unauthenticated attackers to inject malicious SQL queries, potentially leading to unauthorized access to sensitive database information.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Advance Seat Reservation Management for WooCommerce * <= 3.3
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Aiden