CVE-2021-24511

Summary

The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a product_id POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

Affected Software

VendorProductVersion RangeStatus
UnknownProduct Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More3.3.1.0 < 3.3.1.0affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References