CVE-2024-49244 – CSV Product Import Export for WooCommerce

Published : 2024-10-17

Title: WordPress SV Product Import Export for WooCommerce plugin <= 1.0.0 – SQL Injection vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection.This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0.0.

CWE

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS

Score	Severity	Version	Vector String
8.5	HIGH	3.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Vendor : n/a

Product: CSV Product Import Export for WooCommerce

Vulnerable Versions: n/a through 1.0.0

Proof of Concept:

REDACTED

Vulnerability found by: DFEND Security Researcher

References:

– https://patchstack.com/database/vulnerability/csv-wc-product-import-export/wordpress-sv-product-import-export-for-woocommerce-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve

– https://www.cve.org/CVERecord?id=CVE-2024-49244

Gallery

Contacts

CVE-2024-49244 – CSV Product Import Export for WooCommerce

Description

DFEND S.R.L.

CONTATTI

Gallery

Contacts

Description

CVE-2024-47312 – Classic Editor and Classic Widgets

CVE-2024-49691 – Product Filter by WBW

DFEND S.R.L.

CONTATTI