CVE-2022-0814

CRITICAL NUCLEI

Ubigeo de Perú para Woocommerce < 3.6.4 - Unauthenticated SQL Injection via AJAX Parameters

Title source: llm

Exploitation Summary

CVE-2022-0814 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL injections.

Nuclei Templates (1)

Ubigeo de Peru < 3.6.4 - SQL Injection
CRITICAL VERIFIED by r3Y3r53
Shodan: http.html:/wp-content/plugins/ubigeo-peru/
FOFA: body=/wp-content/plugins/ubigeo-peru/

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/fd84dc08-0079-4fcf-81c3-a61d652e3269

Scores

CVSS v3 9.8
EPSS 0.0891
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
ubigeo_de_peru_para_woocommerce_project/ubigeo_de_peru_para_woocommerce < 3.6.4
Published May 09, 2022
Tracked Since Feb 18, 2026