CVE-2022-4547 - Vulnerability Details - OpenCVE

The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Thedotstore	Conditional Payment Methods For Woocommerce

Configuration 1 [-]

cpe:2.3:a:thedotstore:conditional_payment_methods_for_woocommerce:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/
https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-01-16T15:37:50.411Z

Updated: 2024-08-03T01:41:45.616Z

Reserved: 2022-12-16T08:11:40.708Z

Link: CVE-2022-4547

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-16T16:15:13.290

Modified: 2024-11-21T07:35:27.947

Link: CVE-2022-4547

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4547", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2022-12-16T08:11:40.708Z", "datePublished": "2023-01-16T15:37:50.411Z", "dateUpdated": "2024-08-03T01:41:45.616Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-16T15:37:50.411Z"}, "title": "Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi", "problemTypes": [{"descriptions": [{"description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Conditional Payment Methods for WooCommerce", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThanOrEqual": "1.0"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin."}], "references": [{"url": "https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99", "tags": ["exploit", "vdb-entry", "technical-description"]}, {"url": "https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/"}], "credits": [{"lang": "en", "value": "Kunal Sharma (University of Kaiserslautern)", "type": "finder"}, {"lang": "en", "value": "Daniel Krohmer (Fraunhofer IESE)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:41:45.616Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thedotstore:conditional_payment_methods_for_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F1C642DC-3950-4DF4-8694-040457BCE0BC", "versionEndIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin."}, {"lang": "es", "value": "El complemento Conditional Payment Methods for WooCommerce de WordPress hasta la versi\u00f3n 1.0 no desinfecta ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que lleva a una inyecci\u00f3n de SQL explotable por usuarios con privilegios elevados como administrador con un rol tan bajo como administrador."}], "id": "CVE-2022-4547", "lastModified": "2024-11-21T07:35:27.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-16T16:15:13.290", "references": [{"source": "contact@wpscan.com", "tags": ["Broken Link"], "url": "https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}