CVE-2021-32789

HIGH · EXPLOITED IN THE WILD · NUCLEI

WooCommerce Gutenberg Blocks <2.5.16 - SQL Injection

Exploitation Summary

CVE-2021-32789 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including and0x00, DonVorrin. A Nuclei detection template is also available.

Description

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin from version 2.5.0 up to, but not including, version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint, allowing the execution of a read-only SQL query. Patches are available for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.

Exploits (2)

nomisec · WORKING POC · 1 star
by and0x00 · infoleak
https://github.com/and0x00/CVE-2021-32789

This repository contains a functional Go-based exploit for CVE-2021-32789, which targets a SQL injection vulnerability in WordPress WooCommerce. The exploit dumps user credentials by leveraging a crafted HTTP request to the WooCommerce REST API endpoint.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress WooCommerce (versions affected by CVE-2021-32789)
No auth needed
Prerequisites: Target must have vulnerable WooCommerce plugin installed · REST API endpoint must be accessible
devstral-2 · analyzed Feb 18, 2026

nomisec · WORKING POC
by DonVorrin · remote-auth
https://github.com/DonVorrin/CVE-2021-32789

This repository contains a functional Python exploit for CVE-2021-32789, an authenticated blind SQL injection vulnerability in the WooCommerce plugin for WordPress. The exploit automates the extraction of database information, including tables and columns, via crafted requests to the vulnerable endpoint.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress WooCommerce plugin versions >= 2.5.0
Auth required
Prerequisites: Authenticated access to the WordPress WooCommerce plugin · Vulnerable WooCommerce plugin version >= 2.5.0
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection
HIGH · by rootxharsh, iamnoooob, S1r1u5_, cookiehanhoan, madrobot

Scores

CVSS v3: 7.5
EPSS: 0.1723
EPSS Percentile: 96.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV: 2021-07-23
InTheWild.io: 2021-07-15
CWE: CWE-89
Status: published
Products (1): automattic/woocommerce_blocks 2.5.0 - 2.5.16
Published: Jul 26, 2021
Tracked Since: Feb 18, 2026