CVE-2022-42497
Description
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
CWE
- CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected
- API2Cart / Api2Cart Bridge Connector (WordPress plugin) — v=<= 1.1.0 ≤1.1.0 [affected]
CVSS
- 3.1 score=10 severity=CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References
- https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-code-execution-vulnerability?_s_id=cve
- https://wordpress.org/plugins/api2cart-bridge-connector/#developers
Source
cvelistV5-main/cves/2022/42xxx/CVE-2022-42497.json