First published: Mon Jan 16 2023
The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Thedotstore Conditional Payment Methods For Woocommerce | <=1.0.0 |
CVE-2022-4547 is a SQL injection vulnerability found in the Conditional Payment Methods for WooCommerce WordPress plugin through version 1.0.0.
CVE-2022-4547 has a severity rating of 7.2, which is considered high.
CVE-2022-4547 allows high privilege users, such as admins, to exploit a SQL injection vulnerability in the Conditional Payment Methods for WooCommerce plugin.
To fix CVE-2022-4547, update the Conditional Payment Methods for WooCommerce plugin to version 1.0.1 or higher, which includes the necessary sanitization and escaping of parameters to prevent SQL injection.
You can find more information about CVE-2022-4547 at the following links: [link1](https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/) and [link2](https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99).