← volver
CVE-2022-30998

WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

CVSS 9.1 CRITICALEPSS 0.7%CWE-89
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.1EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
22 jul 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Productos afectados
WooPlugins.co · Homepage Product Organizer for WooCommerce (WordPress plugin)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://patchstack.com/database/vulnerability/homepage-product-organizer-for-woocommerce/wordpress-homepage-product-organizer-for-woocommerce-plugin-1-1-multiple-authenticated-sql-injection-sqli-vulnerabilitieshttps://wordpress.org/plugins/homepage-product-organizer-for-woocommerce/#description