What the vulnerability does
Description
Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Explanation of Vulnerability in Simple Terms
WP EasyCart versions up to 5.9.0 contain a SQL injection vulnerability in a network-accessible function that requires low-level authentication. An attacker with a user account can craft malicious input to read sensitive database records, including customer data and site configuration. The vulnerability also allows limited disruption of site availability.
What an attacker can do
Read sensitive data from the site's database, including customer information and configuration details.
Potential impact on your site
Customer data, payment records, and site configuration may be exposed to authenticated attackers; site availability may be degraded.
Conditions required to exploit
Attacker must have a low-privilege user account (e.g., customer or subscriber role) on the site.