VYPR

Order Listener for WooCommerce

by WordPress

CVEs (1)

  • CVE-2022-0948CriMay 9, 2022
    risk 0.64cvss 9.8epss 0.10

    The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection