CVE-2022-30998

State: PUBLISHED · Published: 2022-07-22 · Updated: 2025-02-20 · Assigner: Patchstack

Description

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.

CWE

CWE-89 — CWE-89 SQL Injection

Affected

WooPlugins.co / Homepage Product Organizer for WooCommerce (WordPress plugin) — v=<= 1.1 ≤1.1 [affected]

CVSS

3.1 score=9.1 severity=CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

References

https://wordpress.org/plugins/homepage-product-organizer-for-woocommerce/#description x_refsource_CONFIRM
https://patchstack.com/database/vulnerability/homepage-product-organizer-for-woocommerce/wordpress-homepage-product-organizer-for-woocommerce-plugin-1-1-multiple-authenticated-sql-injection-sqli-vulnerabilities x_refsource_CONFIRM

Source

cvelistV5-main/cves/2022/30xxx/CVE-2022-30998.json