Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Pricing Deals for WooCommerce by Unknown

    CVE-2022-1057 (GCVE-0-2022-1057)

    Vulnerability from nvd – Published: 2022-07-11 12:55 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQLi
    Summary
    The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Pricing Deals for WooCommerce Affected: 2.0.2.02 , ≤ 2.0.2.02 (custom)
    Create a notification for this product.
    Credits
    wuzhenyu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pricing Deals for WooCommerce",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.2.02",
                  "status": "affected",
                  "version": "2.0.2.02",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "wuzhenyu"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T12:55:35.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Pricing Deals for WooCommerce \u003c= 2.0.2.02 - Unauthenticated SQLi",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1057",
              "STATE": "PUBLIC",
              "TITLE": "Pricing Deals for WooCommerce \u003c= 2.0.2.02 - Unauthenticated SQLi"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pricing Deals for WooCommerce",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.0.2.02",
                                "version_value": "2.0.2.02"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "wuzhenyu"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1057",
        "datePublished": "2022-07-11T12:55:35.000Z",
        "dateReserved": "2022-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1057 (GCVE-0-2022-1057)

    Vulnerability from cvelistv5 – Published: 2022-07-11 12:55 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQLi
    Summary
    The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Pricing Deals for WooCommerce Affected: 2.0.2.02 , ≤ 2.0.2.02 (custom)
    Create a notification for this product.
    Credits
    wuzhenyu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pricing Deals for WooCommerce",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.2.02",
                  "status": "affected",
                  "version": "2.0.2.02",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "wuzhenyu"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T12:55:35.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Pricing Deals for WooCommerce \u003c= 2.0.2.02 - Unauthenticated SQLi",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1057",
              "STATE": "PUBLIC",
              "TITLE": "Pricing Deals for WooCommerce \u003c= 2.0.2.02 - Unauthenticated SQLi"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pricing Deals for WooCommerce",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.0.2.02",
                                "version_value": "2.0.2.02"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "wuzhenyu"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1057",
        "datePublished": "2022-07-11T12:55:35.000Z",
        "dateReserved": "2022-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }