CVE-2024-47350 – YITH WooCommerce Ajax Search

Published: 2024-10-06

Title: WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 – SQL Injection vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection. This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0.

CWE

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS

Score: 9.3

Severity: CRITICAL

Version: 3.1

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Vendor: n/a

Product: YITH WooCommerce Ajax Search

Vulnerable Versions: n/a through 2.8.0

Proof of Concept:

REDACTED

Vulnerability found by: DFEND Security Researcher

References:

https://patchstack.com/database/vulnerability/yith-woocommerce-ajax-search/wordpress-yith-woocommerce-ajax-search-plugin-2-8-0-sql-injection-vulnerability?_s_id=cve