CVE-2024-6205

Name of the Vulnerable Software and Affected Versions: PayPlus Payment Gateway WordPress plugin versions prior to 6.6.9

Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route. This route is available to unauthenticated users, leading to an SQL injection issue.

Recommendations: For versions prior to 6.6.9, update to version 6.6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the WooCommerce API route until the update is applied.