PT-2021-19932 · Woocommerce · Woocommerce-Gutenberg-Products-Block

Josh · Published 2021-07-26 · Updated 2021-10-28 · CVE-2021-32789

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: woocommerce-gutenberg-products-block versions 2.5.0 through 2.5.15

Description: An SQL injection issue affects WooCommerce sites running the WooCommerce Blocks feature plugin. It can be exploited via a carefully crafted URL against the "wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]" endpoint, allowing the execution of a read-only SQL query.

Recommendations: For versions 2.5.0 through 2.5.15, upgrade to version 2.5.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]" endpoint until a patch is applied.
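As an added example that is not part of this advisory, the following Python scans web-server access-log lines for requests to the affected collection-data endpoint whose calculate_attribute_counts[][taxonomy] value is not a well-formed taxonomy slug, which is how a defender might check for probing of this endpoint before the upgrade to 2.5.16 is applied. The combined log format, the slug pattern and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Store API route named in the advisory (later plugin versions add a /v1/ segment).
ENDPOINT_RE = re.compile(r"/wc/store(?:/v\d+)?/products/collection-data/?$")
# Assumed shape of a WordPress taxonomy name: lowercase letters, digits, '-' and '_'.
TAXONOMY_RE = re.compile(r"^[a-z0-9_-]+$")
# Minimal combined-log-format parser (assumed format); only the request target is needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_taxonomies(target):
    """Return calculate_attribute_counts[...][taxonomy] values that are not plain slugs.

    Non-endpoint requests yield []. parse_qsl percent-decodes once, so a
    double-encoded value still fails the slug check because '%' is not allowed.
    """
    parts = urlsplit(target)
    if not ENDPOINT_RE.search(parts.path):
        return []
    bad = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # PHP array syntax: calculate_attribute_counts[][taxonomy] or [0][taxonomy]
        if key.startswith("calculate_attribute_counts[") and key.endswith("][taxonomy]"):
            if not TAXONOMY_RE.match(value):
                bad.append(value)
    return bad

def scan_log(lines):
    """Yield one finding per log line whose taxonomy parameter fails the slug check."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than failing the scan
        bad = suspicious_taxonomies(m["target"])
        if bad:
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"], "values": bad})
    return hits

# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Jul/2021:10:00:01 +0000] "GET /wp-json/wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]=pa_color&calculate_attribute_counts[][query_type]=or HTTP/1.1" 200 512',
    '198.51.100.7 - - [26/Jul/2021:10:00:09 +0000] "GET /wp-json/wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]=pa_color%27 HTTP/1.1" 200 640',
    '192.0.2.9 - - [26/Jul/2021:10:00:15 +0000] "GET /wp-json/wc/store/products?per_page=5 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A benign request with a normal slug such as pa_color produces no finding; only values containing characters outside the slug alphabet are reported, together with the client address and timestamp for triage.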

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2021-32789
GHSA-6HQ4-W6WV-8WRP

Affected Products

Woocommerce-Gutenberg-Products-Block