Woocommerce Gutenberg Products Block
Approved changes feed: RSS · Atom
cpe:2.3:a:woocommerce:woocommerce-gutenberg-products-block:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Woocommerce (c7b0e075-8e70-51f0-86a8-e45639512f20) |
|---|---|
| Product | Woocommerce Gutenberg Products Block (d16ac0cd-bb3c-5b6d-b961-6d48a2f80f89) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-32789 |
vulnerable | 2026-06-03 14:44:40.291464 |
Arbitrary SQL (SQL injection) possible via the Store API component.
HIGH (7.5)
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.
Published: 2021-07-26T15:30:12.000Z
Updated: 2024-08-03T23:33:56.078Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.