SQL Injection Vulnerability in Advance Seat Reservation Management Plugin for WooCommerce
CVE-2024-13344

7.5HIGH

Key Information:

Vendor: Smartcms
Status: Advance Seat Reservation Management For WooCommerce
Vendor: CVE Published:; 2 May 2025

Summary

The Advance Seat Reservation Management for WooCommerce plugin for WordPress is susceptible to SQL Injection due to inadequate escaping of the 'profileId' parameter and insufficient preparation of SQL queries. This vulnerability allows unauthenticated attackers to inject malicious SQL queries, potentially leading to unauthorized access to sensitive database information.

Affected Version(s)

Advance Seat Reservation Management for WooCommerce * <= 3.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/advance-seat-reservation-mana...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

Aiden