Impact
The vulnerability is a subscriber SQL injection that exists in WooCommerce Frontend Manager – Ultimate plugin versions earlier than 6.7.7. It can enable an attacker who can submit crafted input through the web interface to execute arbitrary SQL statements against the database, potentially exposing or tampering with sensitive data. The identified weakness is CWE‑89 and the impact is confidentiality, integrity, and availability compromise.
Affected Systems
The affected product is WooCommerce Frontend Manager – Ultimate from WC Lovers. Versions lower than 6.7.7 are impacted.
Risk and Exploitability
The CVSS score of 8.5 classifies the issue as high severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV. Attackers can exploit the flaw by sending malicious payloads through the plugin’s web interface; therefore the likely attack vector is web-based
OpenCVE Enrichment