PT-2026-5080 · WordPress+1 · Vidshop – Shoppable Videos For Woocommerce+1

Athiwat Tiprasaharn

Publicado

2026-01-28

Atualizado

2026-01-28

CVE-2026-0702

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions VidShop – Shoppable Videos for WooCommerce plugin for WordPress versions up to and including 1.1.4

Description The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is susceptible to time-based SQL Injection. This is due to inadequate escaping of user-supplied input and insufficient preparation of existing SQL queries. Specifically, the fields parameter is vulnerable. This allows unauthenticated attackers to append additional SQL queries to existing ones, potentially extracting sensitive information from the database.

Recommendations Update the VidShop – Shoppable Videos for WooCommerce plugin for WordPress to a version later than 1.1.4.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-0702

Produtos afetados

Vidshop – Shoppable Videos For Woocommerce

Woocommerce

PT-2026-5080 · WordPress+1 · Vidshop – Shoppable Videos For Woocommerce+1

CVE-2026-0702

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10