WooCommerce Google Feed Manager Plugin Vulnerable to SQL Injection
CVE-2024-3067

7.2HIGH

Key Information:

Vendor

Wordpress
Status
WooCommerce Google Feed Manager
Vendor
CVE Published:
16 April 2024

What is CVE-2024-3067?

The WooCommerce Google Feed Manager plugin for WordPress is susceptible to SQL Injection through the 'id' parameter, affecting all versions up to and including 2.4.2. This vulnerability arises from inadequate escaping of user-supplied input and insufficient preparation of the SQL queries involved. Consequently, authenticated attackers with administrator-level access can insert additional SQL commands into existing queries, potentially compromising sensitive information stored in the database. Moreover, unauthenticated attackers can exploit this flaw to inject malicious web scripts, posing significant security risks for users of the plugin. It is imperative for users and administrators to take action to mitigate exposure to these threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WooCommerce Google Feed Manager * <= 2.4.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/wp-product-fee...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krzysztof ZajÄ…c
JSON
.