CVE

CVE-2024-49691 – Product Filter by WBW

Published : 2024-10-24

Title: WordPress Product Filter by WBW plugin <= 2.7.0 – SQL Injection vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Woobewoo Product Filter by WBW allows SQL Injection. This issue affects Product Filter by WBW: from n/a through 2.7.0.

CWE

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS

Score | Severity | Version | Vector String
7.6 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Vendor : n/a

Product: Product Filter by WBW

Vulnerable Versions: n/a through 2.7.0

Proof of Concept:

REDACTED

Vulnerability found by: DFEND Security Researcher

References:

https://patchstack.com/database/vulnerability/woo-product-filter/wordpress-product-filter-by-wbw-plugin-2-7-0-sql-injection-vulnerability?_s_id=cve
https://www.cve.org/CVERecord?id=CVE-2024-49691