CVE-2022-0783

CRITICAL NUCLEI

WooCommerce <2.0 - SQL Injection

Title source: llm

Description

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections

Nuclei Templates (1)

Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

HIGHVERIFIEDby ritikchaddha

FOFA: body="wp-content/plugins/multiple-shipping-address-woocommerce"

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba

Scores

CVSS v3 9.8

EPSS 0.5453

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

themehigh/multiple_shipping_addresses_for_woocommerce < 2.0.0

Published May 02, 2022

Tracked Since Feb 18, 2026