SQL Injection Vulnerability in WZone
CVE-2024-33544
Summary
The WZone WooCommerce Amazon Affiliates plugin has multiple severe security vulnerabilities, including an unauthenticated SQL injection vulnerability, an authenticated arbitrary option update vulnerability, and an authenticated SQL injection vulnerability. These vulnerabilities affect all tested versions of the plugin, and because the vendor has not responded and no patched version exists, Patchstack recommends deactivating and deleting the plugin. An exploit PoC for the unauthenticated SQL injection vulnerability was released on July 17, 2024, making immediate removal of the plugin advisable.
Affected Version(s)
WZone <= 14.0.10
News Articles
Unpatched critical vulnerabilities WZone WooCommerce Amazon Affiliates
The WooCommerce Amazon Affiliates (WZone) plugin has multiple severe security vulnerabilities, including an authenticated arbitrary option update (CVE-2024-33549), an unauthenticated SQL injection (CVE-2024-33544), and an authenticated SQL injection (CVE-2024-33546), prompting Patchstack to advise u...

PoC Released - Mass Exploit - CVE-2024-33544 < Unauthenticated < SQL Injection
About the WZone Plugin: The plugin WZone (premium version), which has over 35,000 sales, is one of the more popular premium plugins specifically related to affiliate integration between AWS and WooCommerce sites. Refs: https://nvd.nist.gov/vuln/detail/CVE-2024-33544 https://www.cvedetails.com/cv...
References
CVSS V3.1
Timeline
- First article discovered by darkwebinformer.com
- Vulnerability published