An SQL Injection vulnerability has been identified in the WordPress WooCommerce Beta Tester Plugin. This vulnerability could allow a malicious actor to directly interact with the database of the affected website, including but not limited to stealing information.
This vulnerability was discovered and responsibly reported by teo23mal.
The vulnerability is an SQL Injection vulnerability that occurs in the woocommerce-beta-tester.php file. The vulnerability allows an attacker to exploit a flaw in the way that the plugin handles user input to inject malicious SQL code into the database.
The vulnerability has a CVSS 3.1 score of 7.6, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.
The vulnerability affects all versions of the WooCommerce Beta Tester Plugin.
WooCommerce Beta Tester Plugin has been permanently closed for download as of August 23, 2023. Given this closure, it is no longer available for use, and no official updates or patches are expected.
An attacker who successfully exploits this vulnerability could:
- Steal sensitive information from the database, such as user passwords, credit card numbers, and email addresses.
- Modify data in the database, such as adding or deleting products or customers.
- Crash the database, causing the website to be unavailable.
Users of the WooCommerce Beta Tester Plugin, immediately deactivate and uninstall the plugin. This vulnerability has not been known to be fixed yet. Continuing to use this closed and vulnerable plugin puts the website at risk.