SQL injection vulnerability in WooCommerce : Wordfence

Yesterday Matt Barry, a researcher at Wordfence, discovered a SQL injection vulnerability in WooCommerce version 2.3.5 and older during a code review of the plugin repository. WooCommerce is installed on more than 1 million active WordPress websites. Wordfence quickly contacted Woo about the issue and they've been incredibly responsive, releasing a fix early today with their release of WooCommerce version 2.3.6. We strongly recommend you upgrade immediately if you have not already. The specific issue is a SQL injection vulnerability in the admin panel. Inside the Tax Settings page of WooCommerce, the key of the "tax_rate_country" POST parameter is passed unescaped into a SQL insert statement. For instance, a payload of tax_rate_country[(SELECT SLEEP(10))] would cause the MySQL server to sleep for 10 seconds. Since this vulnerability requires either a Shop Manager or Admin user account, it would need to be consolida...