cbcvebase.
CVE-2022-0783
published 2022-05-02


Priority: P2
Rank: 66
Severity: critical (9.8, CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: available
EPSS: 6.85% (93.2th percentile)
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections.

Affected

1 range

Vendor     Product                                        Version range   Fixed in
themehigh  multiple_shipping_addresses_for_woocommerce    < 2.0.0         2.0.0

Detection & IOCs (extracted from sources)

  • The vulnerability is exploitable by unauthenticated users via AJAX actions. Monitor WordPress AJAX endpoints (wp-admin/admin-ajax.php) for suspicious SQL-injectable parameters originating from unauthenticated requests targeting the Multiple Shipping Address Woocommerce plugin (versions before 2.0).
  • A fingerprint-based probe for this vulnerability expects a response body of exactly 5 bytes, HTTP status 200, and a body ending with the string 'false'. Detections or WAF rules can flag responses matching these characteristics in combination with requests to the plugin's AJAX handlers.
  • The exploit/detection template digest provided is a cryptographic signature for the nuclei template itself, not an IOC for network traffic. It can be used to verify template integrity but should not be used as a network detection indicator.
  • The SQL injection affects 'numerous parameters' across 'some AJAX actions', but the specific parameter names and action names are not disclosed in the available sources. Broader AJAX traffic monitoring is required until specific parameter names are identified.

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd     v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P