What the vulnerability does
01Description
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
Explanation of Vulnerability in Simple Terms
The Order Delivery Date for WooCommerce plugin through version 4.5.1 contains a SQL injection vulnerability in its database queries. An unauthenticated attacker can inject malicious SQL code through user input to read sensitive data from the site's database, including customer information and order details. The vulnerability requires no user interaction and can be exploited remotely over the network.
What an attacker can do
Read sensitive data from the site's database, including customer records and order information.
Potential impact on your site
Customer data and order information may be exposed to unauthorized access without your knowledge.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities