Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Requires an authenticated high-privilege WordPress account (PR:H) over the network with no user interaction; blind SQLi enables full DB read (C:H) but no confirmed write or availability impact, and I keep scope unchanged (S:U) as the injection stays within the app's own DB.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through <= 4.0.
Articles & Coverage 1
AnalysisAI
Blind SQL injection in the Zorem "Advanced Shipment Tracking for WooCommerce" WordPress plugin (all versions through 4.0) lets an authenticated high-privileged user inject SQL into a backend query and extract database contents inference by inference. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was disclosed via Patchstack. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated WordPress account with high privileges (CVSS PR:H - in practice an administrator or shop-manager role on the WooCommerce site), and access to the plugin functionality/endpoint that constructs the vulnerable SQL query in Advanced Shipment Tracking for WooCommerce version 4.0 or earlier. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.6 (High) with vector AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already holds a WordPress shop-manager or administrator account - or who has hijacked such a session via phishing or a compromised credential - submits crafted input to a plugin parameter that feeds an unsanitized SQL query. By observing conditional true/false or timing differences in the plugin's responses, they iteratively extract customer PII, order data, and password hashes from the WooCommerce database. … |
| Remediation | No vendor-released patched version is identified in the provided data - the advisory only records the vulnerable range as "through <= 4.0" without naming a fixed release - so consult the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/woo-advanced-shipment-tracking/vulnerability/wordpress-advanced-shipment-tracking-for-woocommerce-plugin-4-0-sql-injection-vulnerability) and the plugin's WordPress.org changelog for a version newer than 4.0 and update to it once released. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit all active WordPress administrator and shop-manager accounts, restrict admin access to essential trusted personnel only, and enforce strong credential requirements. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43393