CVE-2022-0783
CRITICAL NUCLEI
Multiple Shipping Address Woocommerce < 2.0.0 - Unauthenticated SQL Injection via AJAX Parameters
Title source: llm
Exploitation Summary
CVE-2022-0783 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections.
Nuclei Templates (1)
Multiple Shipping Address Woocommerce < 2.0 - SQL Injection
HIGH VERIFIED by ritikchaddha
FOFA:
body="wp-content/plugins/multiple-shipping-address-woocommerce"
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba
Scores
CVSS v3
9.8
EPSS
0.0671
EPSS Percentile
93.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
themehigh/multiple_shipping_addresses_for_woocommerce
< 2.0.0
Published
May 02, 2022
Tracked Since
Feb 18, 2026