"TITLE":"Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi"
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"generator":"WPScan CVE Generator",
"affects":{
"vendor":{
"vendor_data":[
{
"vendor_name":"Unknown",
"product":{
"product_data":[
{
"product_name":"Order Listener for WooCommerce – Play Sounds Instantly on New Orders",
"version":{
"version_data":[
{
"version_affected":"<",
"version_name":"3.2.2",
"version_value":"3.2.2"
}
]
}
}
]
}
}
]
}
},
"description":{
"description_data":[
{
"lang":"eng",
"value":"The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection"
