CVE-2023-3677

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Aug 31, 2023
Updated: Nov 7, 2023
CWE ID 426

Summary

CVE-2023-3677: The WooCommerce PDF Invoice Builder plugin for WordPress, in versions up to and including 1.2.89, is vulnerable to SQL injection through the pageId parameter. The issue arises from insufficient escaping of this user-supplied value and from the existing SQL query not being properly prepared. The flaw enables attackers, including those with only subscriber-level accounts, to append malicious SQL queries to legitimate ones, potentially exposing sensitive information from the database.

Affected Products

  • Microsoft Exchange Server

Affected Vendors

  • Microsoft