Email Verification for WooCommerce vulnerable to SQL Injection

CVE-2024-49305
9.3CRITICAL

Key Information

Vendor
WPfactory
Status
Email Verification For WooCommerce
Vendor
CVE Published:
17 October 2024

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through 2.8.10.

Affected Version(s)

Email Verification for WooCommerce <= 2.8.10

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

shaman0x01 (Patchstack Alliance)
.