CVE-2022-4547: SQL Injection
First published: Mon Jan 16 2023(Updated: )
The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thedotstore Conditional Payment Methods For Woocommerce | <=1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-4547?
CVE-2022-4547 is a SQL injection vulnerability found in the Conditional Payment Methods for WooCommerce WordPress plugin through version 1.0.0.
What is the severity of CVE-2022-4547?
CVE-2022-4547 has a severity rating of 7.2, which is considered high.
How does CVE-2022-4547 affect the Conditional Payment Methods for WooCommerce plugin?
CVE-2022-4547 allows high privilege users, such as admins, or users with a role as low as admin, to exploit a SQL injection vulnerability in the Conditional Payment Methods for WooCommerce plugin.
How can I fix CVE-2022-4547?
To fix CVE-2022-4547, update the Conditional Payment Methods for WooCommerce plugin to version 1.0.1 or higher, which includes the necessary sanitization and escaping of parameters to prevent SQL injection.
Where can I find more information about CVE-2022-4547?
You can find more information about CVE-2022-4547 at the following links: [link1](https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/) and [link2](https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99).
- collector/nvd-index
- vendor/thedotstore
- canonical/thedotstore conditional payment methods for woocommerce
- version/thedotstore conditional payment methods for woocommerce/1.0.0