CVE-2024-6205

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:payplus:payplus_payment_gateway:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 09:49

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/ - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/ - Exploit, Third Party Advisory

19 Jul 2024, 20:23

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/ - () https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/ - Exploit, Third Party Advisory
CWE CWE-89
CPE cpe:2.3:a:payplus:payplus_payment_gateway:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Payplus
Payplus payplus Payment Gateway

19 Jul 2024, 13:01

Type Values Removed Values Added
Summary
  • (es) El complemento PayPlus Payment Gateway de WordPress anterior a 6.6.9 no sanitiza ni escapa adecuadamente un parámetro antes de usarlo en una declaración SQL a través de una ruta API de WooCommerce disponible para usuarios no autenticados, lo que genera una vulnerabilidad de inyección SQL.

19 Jul 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-19 06:15

Updated : 2024-11-21 09:49


NVD link : CVE-2024-6205

Mitre link : CVE-2024-6205

CVE.ORG link : CVE-2024-6205


JSON object : View

Products Affected

payplus

  • payplus_payment_gateway
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')