Platform
wordpress
Component
webd-woocommerce-advanced-reporting-statistics
Fixed in
4.1.4
CVE-2026-24993 describes a critical SQL Injection vulnerability discovered in Advanced WooCommerce Product Sales Reporting. This flaw allows attackers to perform blind SQL injection, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions from 0.0.0 through 4.1.3, and a patch is available in version 4.1.4.
The SQL Injection vulnerability in Advanced WooCommerce Product Sales Reporting allows attackers to bypass security measures and directly interact with the underlying database. Successful exploitation enables attackers to extract sensitive data, including customer information, order details, and potentially even administrative credentials. The blind nature of the injection means attackers may need to perform multiple queries to extract data, but the potential impact remains severe. This vulnerability could be leveraged for data theft, website defacement, or even gaining control of the WooCommerce store, similar to other SQL injection attacks targeting e-commerce platforms.
CVE-2026-24993 was publicly disclosed on 2026-03-25. The likelihood of exploitation is rated high because blind SQL injection is easy to carry out and the data at risk is sensitive. No public proof-of-concept exploits are currently known, but the vulnerability's severity warrants immediate attention. It is not currently listed in the CISA KEV catalog.
WooCommerce store owners using the Advanced WooCommerce Product Sales Reporting plugin, particularly those running versions 0.0.0 through 4.1.3, are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially expose data from others.
• wordpress / composer / npm:
  grep -r "WPFactory Advanced WooCommerce Product Sales Reporting" /var/www/html/
• generic web:
  curl -I https://your-wordpress-site.com/wp-content/plugins/advanced-woocommerce-product-sales-reporting/ | grep SQL
• wordpress / composer / npm:
  wp plugin list | grep advanced-woocommerce-product-sales-reporting
disclosure
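The grep above only tells you the plugin is present; deciding whether the installed build is actually inside the affected range (0.0.0 through 4.1.3) needs a version comparison. This added POSIX shell example (not part of the advisory or the vendor's code) does that against the fixed version 4.1.4; it reads `wp plugin list --format=csv` output on stdin, the plugin slug is taken from the wp-cli command above, and the CSV listing is a constructed sample.

```shell
#!/bin/sh
# Assumed slug (from the page's wp-cli check) and fixed version (from the advisory).
PLUGIN_SLUG="advanced-woocommerce-product-sales-reporting"
FIXED_VERSION="4.1.4"

# Compare two dotted numeric versions component by component.
# Prints -1 if $1 < $2, 0 if equal, 1 if $1 > $2. Missing components count as 0,
# so "4.1" is treated as "4.1.0". No external tools (works without sort -V).
version_cmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; y="${b%%.*}"
    case "$a" in *.*) a="${a#*.}";; *) a="";; esac
    case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    x="${x:-0}"; y="${y:-0}"
    if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
    if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
  done
  printf '%s\n' 0
}

# True (exit 0) when the installed version is below the fixed release.
is_affected() {
  [ "$(version_cmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Constructed sample of `wp plugin list --format=csv` output (not real data).
SAMPLE_PLUGIN_LIST='name,status,update,version
woocommerce,active,none,9.5.1
advanced-woocommerce-product-sales-reporting,active,available,4.1.3
akismet,inactive,none,5.3'

# Reads the CSV listing on stdin and prints one verdict line for the plugin slug.
classify_plugin_list() {
  while IFS=, read -r name status update version; do
    [ "$name" = "$PLUGIN_SLUG" ] || continue
    if is_affected "$version"; then
      printf 'vulnerable (%s < %s)\n' "$version" "$FIXED_VERSION"
    else
      printf 'patched (%s)\n' "$version"
    fi
    return 0
  done
  printf 'not-installed\n'
}

# Stand-alone run against the constructed sample; on a real host use:
#   wp plugin list --format=csv | classify_plugin_list
printf '%s\n' "$SAMPLE_PLUGIN_LIST" | classify_plugin_list
```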
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-24993 is to immediately upgrade Advanced WooCommerce Product Sales Reporting to version 4.1.4 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to detect and block SQL injection attempts targeting the vulnerable endpoints. Review and restrict database user permissions to minimize the impact of a successful attack. Monitor database logs for suspicious activity and unusual query patterns.
Update to version 4.1.4 or a newer patched version
CVE-2026-24993 is a critical SQL Injection vulnerability affecting Advanced WooCommerce Product Sales Reporting versions 0.0.0–4.1.3, allowing attackers to potentially extract sensitive data.
If you are using Advanced WooCommerce Product Sales Reporting versions 0.0.0 through 4.1.3, you are vulnerable to this SQL Injection flaw.
Upgrade to version 4.1.4 or later to resolve the vulnerability. Consider WAF rules as a temporary mitigation if immediate upgrade is not possible.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's nature makes it a potential target.
Refer to the WPFactory website and the WordPress plugin repository for the official advisory and update information.