Headline
CVE-2022-42497: WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary Code Execution vulnerability - Patchstack
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
Verified
Fixed
10
CVSS 3.1 score Critical severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 1.1.0
PSID
e8ae40303ceb
Classification
SQL Injection
OWASP Top 10
A1: Injection
Required privilege
Can be exploited remotely without any authentication.
Publicly disclosed
2022-10-28
Details
Arbitrary Code Execution vulnerability discovered by Dave Jong (Patchstack) in the WordPress Api2Cart Bridge Connector plugin (versions <= 1.1.0).
Solution
Update the WordPress Api2Cart Bridge Connector plugin to the latest available version (at least 1.2.0).
References