SQL Injection Vulnerability in WordPress Cart66 Lite Plugin

Vector: Remote
Severity: Low
Patch: Patched
Impact: Data Manipulation
Software: WordPress Cart66 Lite Plugin 1.x , vulnerable versions: <=1.5.1.17

An SQL injection vulnerability has been discovered in the WordPress Cart66 Lite Plugin.

The vulnerability is caused by insufficient validation of the "id" POST parameter passed to wp-admin/admin-ajax.php when the "action" parameter is set to "shortcode_products_table". A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in the application's database.

Successful exploitation of this vulnerability may result in unauthorized data manipulation.
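The following is an added illustration of the vulnerable pattern the advisory describes and of the corresponding hardened admin-ajax handler; it is not the Cart66 Lite source and does not reproduce the plugin's actual code. The hook name matches the "action" value from the advisory; the table name cart66_products, the column names, the capability and the nonce action string are assumptions chosen for the example.

```php
<?php
// Added example, not Cart66 Lite code. The table and column names below are assumed.

// VULNERABLE PATTERN (do not use): the POST "id" value is dropped straight into
// the query string, so a value such as  0 OR 1=1  or a UNION/UPDATE payload
// becomes part of the SQL that $wpdb executes.
function example_shortcode_products_table_vulnerable() {
    global $wpdb;
    $id  = $_POST['id'];                                  // untrusted, unvalidated
    $sql = "SELECT * FROM {$wpdb->prefix}cart66_products WHERE id = $id";
    $rows = $wpdb->get_results( $sql );                   // raw interpolation
    wp_send_json( $rows );
}

// HARDENED PATTERN: authorise the caller, verify a nonce, coerce the id to an
// integer, and bind it through $wpdb->prepare() so it can never change the
// structure of the statement.
function example_shortcode_products_table() {
    global $wpdb;

    // Only users who are allowed to build product shortcodes may call this.
    // 'manage_options' is an assumed capability; pick the narrowest one that fits.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Rejects requests that did not originate from the plugin's own admin page
    // (CSRF protection). 'cart66_products_table' is an assumed nonce action.
    check_ajax_referer( 'cart66_products_table', 'nonce' );

    // absint() turns anything that is not a positive integer into 0.
    $id = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // %d forces integer binding; the value is never concatenated into the SQL.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, name, price FROM {$wpdb->prefix}cart66_products WHERE id = %d",
            $id
        )
    );

    wp_send_json_success( $rows );
}

// Registering only on wp_ajax_ (and not wp_ajax_nopriv_) means the handler is
// reachable by logged-in users only; registering on both would expose it to
// unauthenticated requests as well.
add_action( 'wp_ajax_shortcode_products_table', 'example_shortcode_products_table' );
```

When auditing a plugin for this class of bug, grep every handler registered with add_action( 'wp_ajax_...' ) or 'wp_ajax_nopriv_...' for $_POST, $_GET or $_REQUEST values that reach $wpdb->query(), get_results(), get_var() or get_row() without passing through $wpdb->prepare() or an integer cast such as absint().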

Solution:
For WordPress Cart66 Lite Plugin 1.x: Update to version 1.5.2.
Links:
