virus logo Intrusion Prevention

WordPress.WooCommerce.Blocks.collection-data.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit an SQL Injection Vulnerability in WordPress WooCommerce Gutenberg Blocks plugin.
The vulnerability is due to insufficient sanitization of user supplied inputs in the application. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to arbitrary SQL code execution in the security context of the database service connected to the application.

affected-products-logoAffected Products

Wordpress WooCommerce plugin 2.5.0 prior to 2.5.16
Wordpress WooCommerce plugin 2.6.0 prior to 2.6.2
Wordpress WooCommerce plugin 2.7.0 prior to 2.7.2
Wordpress WooCommerce plugin 2.8.0 prior to 2.8.1
Wordpress WooCommerce plugin 2.9.0 prior to 2.9.1
Wordpress WooCommerce plugin 3.0.0 prior to 3.0.1
Wordpress WooCommerce plugin 3.1.0 prior to 3.1.1
Wordpress WooCommerce plugin 3.2.0 prior to 3.2.1
Wordpress WooCommerce plugin 3.3.0 prior to 3.3.1
Wordpress WooCommerce plugin 3.4.0 prior to 3.4.1
Wordpress WooCommerce plugin 3.5.0 prior to 3.5.1
Wordpress WooCommerce plugin 3.6.0 prior to 3.6.1
Wordpress WooCommerce plugin 3.7.0 prior to 3.7.2
Wordpress WooCommerce plugin 3.8.0 prior to 3.8.1
Wordpress WooCommerce plugin 3.9.0 prior to 3.9.1
Wordpress WooCommerce plugin 4.0.0 prior to 4.0.1
Wordpress WooCommerce plugin 4.1.0 prior to 4.1.1
Wordpress WooCommerce plugin 4.2.0 prior to 4.2.1
Wordpress WooCommerce plugin 4.3.0 prior to 4.3.1
Wordpress WooCommerce plugin 4.4.0 prior to 4.4.3
Wordpress WooCommerce plugin 4.5.0 prior to 4.5.3
Wordpress WooCommerce plugin 4.6.0 prior to 4.6.1
Wordpress WooCommerce plugin 4.7.0 prior to 4.7.1
Wordpress WooCommerce plugin 4.8.0 prior to 4.8.1
Wordpress WooCommerce plugin 4.9.0 prior to 4.9.2
Wordpress WooCommerce plugin 5.0.0 prior to 5.0.1
Wordpress WooCommerce plugin 5.1.0 prior to 5.1.1
Wordpress WooCommerce plugin 5.2.0 prior to 5.2.1
Wordpress WooCommerce plugin 5.3.0 prior to 5.3.2
Wordpress WooCommerce plugin 5.4.0 prior to 5.4.1
Wordpress WooCommerce plugin 5.5.0 prior to 5.5.1

Impact logoImpact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor:
https://wordpress.org/plugins/woocommerce/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-04-29 27.776 Default_action:pass:drop
2024-04-17 27.770
ID 55500
Created Apr 09, 2024
Updated Apr 29, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2021-32789
Exploit Prediction Score 9.77%
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app