Vulnerability in WooCommerce Dropshipping
CVE-2022-3481
The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection.
EPSS: 0.525 (98.0th percentile)
Affected products
- Unknown Woocommerce Dropshipping — versions 0
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/c5e395f8-257e-49eb-afbd-9c1e26045373 (exploit, vdb-entry, technical-description)
Frequently asked questions
- What is CVE-2022-3481?
  - CVE-2022-3481 is a vulnerability in WooCommerce Dropshipping, classified under CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Published 2022-11-07.
- Is CVE-2022-3481 known to be exploited?
  - 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.