Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light plugin, affecting versions through 2.4.37. This vulnerability allows for improper neutralization of special elements used in SQL commands, enabling direct manipulation of the database. Such exploitation could lead to unauthorized data access or modification.
Impact
Exploitation of this vulnerability allows for SQL injection, enabling attackers to interact with the database directly. This could result in unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Remediation
Users are advised to update to a version later than 2.4.37. For those using Patchstack, a virtual patch is available that blocks attacks targeting this vulnerability until an official fix can be safely applied.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.