CVE-2022-3481

Name of the Vulnerable Software and Affected Versions WooCommerce Dropshipping WordPress plugin versions prior to 4.4

Description The issue arises from the improper sanitization and escaping of a parameter before its use in a SQL statement via a REST endpoint. This endpoint is accessible to unauthenticated users, leading to a SQL injection.

Recommendations For versions prior to 4.4, update to version 4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST endpoint until the update is applied.