CVE-2022-0814

CRITICAL NUCLEI

Ubigeo DE Peru Para Woocommerce < 3.6.4 - SQL Injection

Title source: rule

Description

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections

Nuclei Templates (1)

Ubigeo de Peru < 3.6.4 - SQL Injection

CRITICALVERIFIEDby r3Y3r53

Shodan: http.html:/wp-content/plugins/ubigeo-peru/

FOFA: body=/wp-content/plugins/ubigeo-peru/

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/fd84dc08-0079-4fcf-81c3-a61d652e3269

Scores

CVSS v3 9.8

EPSS 0.5820

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

ubigeo_de_peru_para_woocommerce_project/ubigeo_de_peru_para_woocommerce < 3.6.4

Published May 09, 2022

Tracked Since Feb 18, 2026