
CVE-2022-0948: Changeset 2707223 – WordPress Plugin Repository

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection
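As an added defender-side check (not part of this changeset or the plugin's code), the Python heuristic below flags `$wpdb` query calls whose SQL is built from interpolated or concatenated PHP variables without `$wpdb->prepare()`, the exact pattern this CVE describes; it runs over constructed sample lines modelled on this commit's before/after code.

```python
import re

# Constructed sample lines modelled on the before/after code in this changeset
# (class-hooks.php); they are illustrative input, not the plugin's own files.
SAMPLES = {
    "interpolated": '$all_orders = $wpdb->get_results( "SELECT * FROM " . OLISTENER_DATA_TABLE'
                    ' . " WHERE `order_id` = $order_id AND `order_total` = $order_total" );',
    "prepared": '$all_orders = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM'
                ' {$wpdb->prefix}woocommerce_order_listener WHERE order_id = %d", $order_id ) );',
    "constant_only": '$all_orders = $wpdb->get_results( "SELECT * FROM " . OLISTENER_DATA_TABLE'
                     ' . " WHERE read_status = \'unread\'" );',
    "concatenated": "$n = $wpdb->get_var( 'SELECT COUNT(*) FROM ' . $table . \" WHERE id = \" . $id );",
}

CALL_RE = re.compile(r"\$wpdb->(?:get_results|get_row|get_var|get_col|query)\s*\(")
PREPARE_RE = re.compile(r"\$wpdb->prepare\s*\(")
DQ_STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')   # "..." interpolates variables in PHP
SQ_STRING_RE = re.compile(r"'(?:[^'\\]|\\.)*'")     # '...' does not
VAR_RE = re.compile(r"\{?\$(\w+)((?:->\w+)*)\}?")   # $name or {$obj->prop}

def find_unprepared(line):
    """Return the PHP variable names fed into a $wpdb query on this line without
    $wpdb->prepare(), in order of appearance; [] means nothing was flagged.
    Heuristic: one statement per line, and any line calling prepare() is trusted."""
    call = CALL_RE.search(line)
    if call is None or PREPARE_RE.search(line):
        return []
    args = line[call.end():]
    flagged = []
    # 1. Variables interpolated inside double-quoted strings ("... = $id").
    for s in DQ_STRING_RE.finditer(args):
        flagged += [name for name, _ in VAR_RE.findall(s.group(1)) if name != "wpdb"]
    # 2. Variables concatenated outside any string literal ('...' . $id).
    rest = SQ_STRING_RE.sub("''", DQ_STRING_RE.sub('""', args))
    flagged += [name for name, _ in VAR_RE.findall(rest) if name != "wpdb"]
    return flagged   # $wpdb->prefix is the table prefix, not request input

def scan(lines):
    """Map each label to its unprepared variables, keeping only lines with hits."""
    hits = {}
    for label, line in lines.items():
        names = find_unprepared(line)
        if names:
            hits[label] = names
    return hits

if __name__ == "__main__":
    for label, names in scan(SAMPLES).items():
        print(f"{label}: unprepared variables {names}")
```

The production form of this check is the `WordPress.DB.PreparedSQL` sniff (`NotPrepared` / `InterpolatedNotPrepared`) from the WordPress Coding Standards, run through PHPCS over the whole plugin.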


Timestamp:

04/08/2022 10:17:35 PM

Author:

pluginbazar

Message:

security fixed with $wpdb

Location:

woc-order-alert/trunk

Files:

  • composer.lock
  • includes/class-hooks.php (2 diffs)
  • readme.txt (1 diff)
  • woc-order-alert.php (1 diff)


  • woc-order-alert/trunk/includes/class-hooks.php

    r2706677

    r2707223

107

107

            global $wpdb;

108

108

109

 

            $all\_orders           = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE read\_status = 'unread'" );

 

109

            $all\_orders           = $wpdb->get\_results(

 

110

                $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE read\_status = %s", 'unread' )

 

111

            );

 

112

            $all\_orders           = ! is\_array( $all\_orders ) ? array() : $all\_orders;

110

113

            $order\_list\_items\_all = olistener()->get\_order\_list\_items();

111

114

            $order\_list\_items     = olistener()->get\_option( 'olistener\_order\_list\_items', array\_keys( $order\_list\_items\_all ) );
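Review bot: the query on old line 109 had no variable input (`read_status = 'unread'` is a literal), so wrapping it in `$wpdb->prepare( "... WHERE read_status = %s", 'unread' )` is consistency hardening rather than part of the injection fix; it is still worth keeping, since it satisfies the WordPress prepared-SQL coding standard and keeps every `get_results` call in the file uniform. The same hunk silently swaps `OLISTENER_DATA_TABLE` for `{$wpdb->prefix}woocommerce_order_listener`; please confirm the constant resolved to exactly that name, otherwise the unread-orders lookup now reads a different table than the rest of the plugin.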

…

…

 

192

195

193

196

                $order\_total  = sanitize\_text\_field( olistener()->get\_args\_option( 'total', '', $json\_params ) );

194

 

                $all\_orders   = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE \`order\_id\` = $order\_id AND \`order\_total\` = $order\_total" );

 

197

                $all\_orders   = $wpdb->get\_results(

 

198

                    $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE order\_id = %d", $order\_id )

 

199

                );

 

200

                $all\_orders   = ! is\_array( $all\_orders ) ? array() : $all\_orders;

195

201

                $latest\_order = end( $all\_orders );

196

202

                $order\_args   = array(
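Review bot: the prepared statement on new line 198 fixes the injection by binding `$order_id` with `%d`, but it also drops the `order_total` condition that old line 194 applied, so the query now matches on `order_id` alone and `end( $all_orders )` on line 201 can return a different row than before when several rows share an order id. If the total check was intentional, keep it as a second bound parameter (`AND order_total = %f`, or `%s` if the column is text, with `$order_total`); if not, `$order_total` on line 196 is no longer used in the visible lines and its `sanitize_text_field` call can go. Note also that `%d` coerces a non-numeric `id` to 0, so a malformed request now quietly matches nothing rather than erroring; an explicit numeric check before the query would make that intent clear.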
  • woc-order-alert/trunk/readme.txt

    r2706677

    r2707223

7

7

    Tested up to: 5.9.3

8

8

    Tested up to WooCommerce: 6.3.1

9

 

    Stable tag: 3.2.0

 

9

    Stable tag: 3.2.2

10

10

    License: GPLv2 or later

11

11

    License URI: http://www.gnu.org/licenses/gpl-2.0.html
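Review bot: this hunk only moves `Stable tag` from 3.2.0 to 3.2.2 while the main plugin file was already at Version 3.2.1, so the readme was one release behind before this commit; a security release should also add a changelog entry in readme.txt naming the fix (for example "Fixed: SQL injection in the order REST route") so users and vulnerability scanners can tell that 3.2.2 is the patched version. readme.txt shows only this 1 diff, so no such entry is present.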
  • woc-order-alert/trunk/woc-order-alert.php

    r2706677

    r2707223

4

4

    Plugin URI: https://pluginbazar.com/

5

5

    Description: Play sound as notification instantly on new order in your WooCommerce store

6

 

    Version: 3.2.1

 

6

    Version: 3.2.2

7

7

    Author: Pluginbazar

8

8

    Author URI: https://pluginbazar.com/
