SQL Injection Vulnerability in WordPress Cart66 Lite Plugin
Vector: Remote
Severity: Low
Patch: Patched
Impact: Data Manipulation
Software: WordPress Cart66 Lite Plugin 1.x, vulnerable versions: <=1.5.1.17
A SQL injection vulnerability has been discovered in the WordPress Cart66 Lite Plugin.
The vulnerability is caused by an input validation error when processing the “id” POST parameter sent to wp-admin/admin-ajax.php (when “action” is set to “shortcode_products_table”). A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in the application's database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
Solution:
For WordPress Cart66 Lite Plugin 1.x: Update to version 1.5.2.
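For sites that cannot update immediately, a request check like the following can flag suspicious calls to the affected endpoint. This is an added example, not code from the plugin or from this advisory; the function name check_request and the rule that a legitimate "id" is a single decimal integer are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Endpoint, action and parameter names are taken from the advisory.
AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "shortcode_products_table"
PARAM = "id"


def check_request(method, url, body):
    """Return None if the request is out of scope or clean, else a reason string.

    Assumption (not stated in the advisory): a legitimate "id" is a single
    non-negative decimal integer.
    """
    parts = urlsplit(url)
    if method.upper() != "POST" or not parts.path.endswith(AJAX_PATH):
        return None
    # parse_qs URL-decodes values, so encoded input is inspected decoded.
    fields = parse_qs(body, keep_blank_values=True)
    # WordPress reads "action" from $_REQUEST, so it may be in the query string.
    actions = fields.get("action", []) + parse_qs(parts.query).get("action", [])
    if ACTION not in actions:
        return None
    ids = fields.get(PARAM, [])
    if len(ids) != 1:
        return f"expected exactly one '{PARAM}' value, got {len(ids)}"
    value = ids[0]
    # str.isdigit() accepts some non-ASCII digits, so require ASCII as well.
    if not (value.isascii() and value.isdigit()):
        return f"non-numeric '{PARAM}' value: {value!r}"
    return None


# Constructed sample requests (method, URL, form-encoded body).
SAMPLES = [
    ("POST", AJAX_PATH, "action=shortcode_products_table&id=42"),
    ("POST", AJAX_PATH, "action=shortcode_products_table&id=42%20OR%201%3D1"),
    ("POST", AJAX_PATH, "action=shortcode_products_table&id=1&id=2"),
    ("POST", AJAX_PATH, "action=heartbeat&id=abc"),
    ("GET", AJAX_PATH, ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, body or "-", "=>", check_request(method, url, body) or "ok")
```

A check of this kind supplements the update to 1.5.2 and does not replace it.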