SQL Injection in Ubigeo De Perú Para Woocommerce Y Wordpress
CVE-2022-0814
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, lea…
Vulnerability class: SQL Injection
EPSS: 0.582 (98.2th percentile) — read the EPSS interpretation.
Affected products
- Unknown Ubigeo De Perú Para Woocommerce Y Wordpress — versions 3.6.4
Weakness classification (CWE)
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/fd84dc08-0079-4fcf-81c3-a61d652e3269 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-0814?
- CVE-2022-0814 is a vulnerability in Ubigeo De Perú Para Woocommerce Y Wordpress, classified under SQL Injection. Published 2022-05-09.
- Is CVE-2022-0814 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.