What is CVE-2022-0783?

CVE-2022-0783 is a vulnerability in Multiple Shipping Address Woocommerce, classified under SQL Injection. Published 2022-05-02.

Is CVE-2022-0783 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Multiple Shipping Address Woocommerce

CVE-2022-0783

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauth…

Vulnerability class: SQL Injection

EPSS: 0.545 (98.1th percentile) — read the EPSS interpretation.

Affected products

Unknown Multiple Shipping Address Woocommerce — versions 2.0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
20142995/sectool
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
Ostorlab/KEV
cyllective/CVEs
l0928h/kate

References

wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0783?: CVE-2022-0783 is a vulnerability in Multiple Shipping Address Woocommerce, classified under SQL Injection. Published 2022-05-02.
Is CVE-2022-0783 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.