The Pricing Deals for WooCommerce WordPress plugin...
Critical severity
Unreviewed
Published
Jul 12, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jul 11, 2022
Published to the GitHub Advisory Database
Jul 12, 2022
Last updated
Jan 27, 2023
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
References