CVE

CVE-2024-53783 – Ni WooCommerce Cost Of Goods

Published : 2024-11-30

Title: WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 – SQL Injection vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.

CWE

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS

Score: 7.6
Severity: HIGH
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Vendor : n/a

Product: Ni WooCommerce Cost Of Goods

Vulnerable Versions: n/a through 3.2.8

Proof of Concept:

REDACTED

Vulnerability found by: DFEND Security Researcher

References:

https://patchstack.com/database/wordpress/plugin/ni-woocommerce-cost-of-goods/vulnerability/wordpress-ni-woocommerce-cost-of-goods-plugin-3-2-8-sql-injection-vulnerability?_s_id=cve
https://www.cve.org/CVERecord?id=CVE-2024-53783