CVE-2023-3677
CVSS 3.1 Score 8.0 of 10 (high)
Details
Published Aug 31, 2023
Updated: Nov 7, 2023
CWE ID 426
Summary
CVE-2023-3677: The WooCommerce PDF Invoice Builder plugin for WordPress, in versions up to and including 1.2.89, is vulnerable to SQL injection. The issue arises from insufficient escaping of the user-supplied pageId parameter and a lack of proper preparation of the existing SQL queries. This flaw lets attackers, including subscribers, append malicious SQL queries to legitimate ones, potentially exposing sensitive information from the database.
Affected Products
- Microsoft Exchange Server
Affected Vendors
- Microsoft