CVE-2021-32789 (GCVE-0-2021-32789)
Vulnerability from cvelistv5
Published
2021-07-26 15:30
Modified
2024-08-03 23:33
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.
References
Impacted products
Vendor Product Version
woocommerce woocommerce-gutenberg-products-block Version: > 2.5.0, < 2.5.16
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:56.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1260787"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "woocommerce-gutenberg-products-block",
          "vendor": "woocommerce",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e 2.5.0, \u003c 2.5.16"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-26T15:30:12",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1260787"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/"
        }
      ],
      "source": {
        "advisory": "GHSA-6hq4-w6wv-8wrp",
        "discovery": "UNKNOWN"
      },
      "title": "Arbitrary SQL (SQL injection) possible via the Store API component.",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32789",
          "STATE": "PUBLIC",
          "TITLE": "Arbitrary SQL (SQL injection) possible via the Store API component."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "woocommerce-gutenberg-products-block",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e 2.5.0, \u003c 2.5.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "woocommerce"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp",
              "refsource": "CONFIRM",
              "url": "https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp"
            },
            {
              "name": "https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1",
              "refsource": "MISC",
              "url": "https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1"
            },
            {
              "name": "https://hackerone.com/reports/1260787",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1260787"
            },
            {
              "name": "https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/",
              "refsource": "MISC",
              "url": "https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/"
            },
            {
              "name": "https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/",
              "refsource": "MISC",
              "url": "https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-6hq4-w6wv-8wrp",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32789",
    "datePublished": "2021-07-26T15:30:12",
    "dateReserved": "2021-05-12T00:00:00",
    "dateUpdated": "2024-08-03T23:33:56.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-32789\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-07-26T16:15:07.743\",\"lastModified\":\"2024-11-21T06:07:44.670\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.\"},{\"lang\":\"es\",\"value\":\"woocommerce-gutenberg-products-block es un plugin de caracter\u00edsticas para WooCommerce Gutenberg Blocks. Una vulnerabilidad de inyecci\u00f3n SQL afecta a todos los sitios de WooCommerce que ejecutan el plugin de caracter\u00edsticas WooCommerce Blocks entre la versi\u00f3n 2.5.0 y anterior a versi\u00f3n 2.5.16. Por medio de una URL cuidadosamente dise\u00f1ada, se puede ejecutar una explotaci\u00f3n contra el endpoint \\\"wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]\\\" que permite la ejecuci\u00f3n de una consulta sql de s\u00f3lo lectura. Se presentan parches para muchas versiones de este paquete, a partir de la versi\u00f3n 2.5.16. No se conocen soluciones aparte de la actualizaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.16\",\"matchCriteriaId\":\"68359551-9F3D-453A-85D8-27D62624B78A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.2\",\"matchCriteriaId\":\"6429FAC5-E405-4A34-84C1-1E076E5C9012\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.2\",\"matchCriteriaId\":\"F3C13B7E-1674-466E-B6A2-1D573CCF3F26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.1\",\"matchCriteriaId\":\"27431D15-B0D2-4570-A78A-C2C03514CCF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.1\",\"matchCriteriaId\":\"73F73B94-9F44-4D21-B67A-D6E096007CBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.1\",\"matchCriteriaId\":\"0267B1CF-B66F-4D59-8DBA-375F5AA15691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndExcluding\":\"3.1.1\",\"matchCriteriaId\":\"8605AB2F-D187-47B9-8931-C6B0882FF5E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.2.0\",\"versionEndExcluding\":\"3.2.1\",\"matchCriteriaId\":\"585C23D8-7004-445D-A549-46A034179F4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.1\",\"matchCriteriaId\":\"69A76B90-5D0B-425B-A296-EA717B885822\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.1\",\"matchCriteriaId\":\"F4454F2B-647D-48C9-81CC-6DBBA3C7FC1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.1\",\"matchCriteriaId\":\"595849F3-68C8-4437-B0EF-4DD3F16ACA9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"1B3BC202-D7ED-4FF5-BE00-CF64C93B65EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.7.0\",\"versionEndExcluding\":\"3.7.2\",\"matchCriteriaId\":\"3D0C8A18-D248-422A-9683-090883CF191C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.8.0\",\"versionEndExcluding\":\"3.8.1\",\"matchCriteriaId\":\"D076177C-5CA6-4228-AEA8-735A3790FFE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"3.9.0\",\"versionEndExcluding\":\"3.9.1\",\"matchCriteriaId\":\"7AC3830C-1DF8-4AE4-A1DE-29DFDF054093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.0.1\",\"matchCriteriaId\":\"DD5E7AB0-A785-40DB-A65E-C79DFEB38A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.1.1\",\"matchCriteriaId\":\"BD36188E-5549-4701-A589-13F5297E1ADC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.1\",\"matchCriteriaId\":\"A5A2B674-3CAC-4C03-889F-895574D37A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.1\",\"matchCriteriaId\":\"60D0CD80-66CE-4BAA-A78F-81FB0ED2F921\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.4.0\",\"versionEndExcluding\":\"4.4.3\",\"matchCriteriaId\":\"E31E8388-E4D8-47EE-AFB4-DC34E9331C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.5.0\",\"versionEndExcluding\":\"4.5.3\",\"matchCriteriaId\":\"C7250E33-3DD5-4ED2-A586-21DE27A8DE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.6.0\",\"versionEndExcluding\":\"4.6.1\",\"matchCriteriaId\":\"1E77457A-191D-4F05-95EF-182855BBCFD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.7.0\",\"versionEndExcluding\":\"4.7.1\",\"matchCriteriaId\":\"E45A55FA-A6EC-4FCF-BD5A-D6086D3B57E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.8.0\",\"versionEndExcluding\":\"4.8.1\",\"matchCriteriaId\":\"D8778822-40F1-484B-9CE7-33A9BE227BF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"4.9.0\",\"versionEndExcluding\":\"4.9.2\",\"matchCriteriaId\":\"FDE0A5E9-A610-41E2-8A33-5625B34BD917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.1\",\"matchCriteriaId\":\"51AC9F1A-1EBD-45EF-85C5-DCAC4B3970D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"5.1.0\",\"versionEndExcluding\":\"5.1.1\",\"matchCriteriaId\":\"4CEA3134-B740-4433-A4B5-AFFA9C485D37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"5.2.0\",\"versionEndExcluding\":\"5.2.1\",\"matchCriteriaId\":\"8847A37A-B278-4FC4-80CA-D60C278251D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"5.3.0\",\"versionEndExcluding\":\"5.3.2\",\"matchCriteriaId\":\"FB063F8A-5680-4F05-BE4E-1638DC8C5517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndExcluding\":\"5.4.1\",\"matchCriteriaId\":\"061BDEA7-FD35-4625-BA99-9826687384DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndExcluding\":\"5.5.1\",\"matchCriteriaId\":\"AE035F6E-9918-4884-A5D9-9CC2309EC685\"}]}]}],\"references\":[{\"url\":\"https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1260787\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1260787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.