High severity7.2NVD Advisory· Published Sep 20, 2021· Updated Jun 17, 2026
CVE-2021-24511
CVE-2021-24511
Description
The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a product_id POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WooCommercedescription
- Range: <3.3.1.0
Patches
Vulnerability mechanics
References
2- codevigilant.com/disclosure/2021/wp-plugin-purple-xmls-google-product-feed-for-woocommerce/nvdExploitPatchThird Party Advisory
- wpscan.com/vulnerability/0fa114a0-29df-4312-9138-eb9f0aedb3c5nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.