CVE-2021-32789

EUVD-2021-19552
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
automatticwoocommerce_blocks
2.5.0 ≤
𝑥
< 2.5.16
automatticwoocommerce_blocks
2.6.0 ≤
𝑥
< 2.6.2
automatticwoocommerce_blocks
2.7.0 ≤
𝑥
< 2.7.2
automatticwoocommerce_blocks
2.8.0 ≤
𝑥
< 2.8.1
automatticwoocommerce_blocks
2.9.0 ≤
𝑥
< 2.9.1
automatticwoocommerce_blocks
3.0.0 ≤
𝑥
< 3.0.1
automatticwoocommerce_blocks
3.1.0 ≤
𝑥
< 3.1.1
automatticwoocommerce_blocks
3.2.0 ≤
𝑥
< 3.2.1
automatticwoocommerce_blocks
3.3.0 ≤
𝑥
< 3.3.1
automatticwoocommerce_blocks
3.4.0 ≤
𝑥
< 3.4.1
automatticwoocommerce_blocks
3.5.0 ≤
𝑥
< 3.5.1
automatticwoocommerce_blocks
3.6.0 ≤
𝑥
< 3.6.1
automatticwoocommerce_blocks
3.7.0 ≤
𝑥
< 3.7.2
automatticwoocommerce_blocks
3.8.0 ≤
𝑥
< 3.8.1
automatticwoocommerce_blocks
3.9.0 ≤
𝑥
< 3.9.1
automatticwoocommerce_blocks
4.0.0 ≤
𝑥
< 4.0.1
automatticwoocommerce_blocks
4.1.0 ≤
𝑥
< 4.1.1
automatticwoocommerce_blocks
4.2.0 ≤
𝑥
< 4.2.1
automatticwoocommerce_blocks
4.3.0 ≤
𝑥
< 4.3.1
automatticwoocommerce_blocks
4.4.0 ≤
𝑥
< 4.4.3
automatticwoocommerce_blocks
4.5.0 ≤
𝑥
< 4.5.3
automatticwoocommerce_blocks
4.6.0 ≤
𝑥
< 4.6.1
automatticwoocommerce_blocks
4.7.0 ≤
𝑥
< 4.7.1
automatticwoocommerce_blocks
4.8.0 ≤
𝑥
< 4.8.1
automatticwoocommerce_blocks
4.9.0 ≤
𝑥
< 4.9.2
automatticwoocommerce_blocks
5.0.0 ≤
𝑥
< 5.0.1
automatticwoocommerce_blocks
5.1.0 ≤
𝑥
< 5.1.1
automatticwoocommerce_blocks
5.2.0 ≤
𝑥
< 5.2.1
automatticwoocommerce_blocks
5.3.0 ≤
𝑥
< 5.3.2
automatticwoocommerce_blocks
5.4.0 ≤
𝑥
< 5.4.1
automatticwoocommerce_blocks
5.5.0 ≤
𝑥
< 5.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1
https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp
https://hackerone.com/reports/1260787
https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/
https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1
https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp
https://hackerone.com/reports/1260787
https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api/