Skip to main content

Apiexperts Square For Woocommerce

2 CVEs product

Monthly

CVE-2026-57810 HIGH This Week

Blind SQL injection in the APIExperts "Square for WooCommerce" (woosquare) WordPress plugin affects all versions up to and including 4.7.4, allowing an authenticated attacker to inject crafted SQL into a database query and infer or extract data via boolean/time-based blind techniques. The flaw was reported by Patchstack and carries a CVSS 3.1 score of 8.5; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because the CVSS vector specifies PR:L, exploitation requires an existing low-privileged authenticated session rather than fully anonymous access.

SQLi WordPress Apiexperts Square For Woocommerce
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-54848 HIGH This Week

Sensitive data exposure in the APIExperts Square for WooCommerce WordPress plugin (also known as woosquare) through version 4.7.3 allows remote attackers to retrieve embedded sensitive information that the plugin inserts into data it sends. Reported by Patchstack and rated CVSS 8.3, the flaw stems from CWE-201 (Insertion of Sensitive Information Into Sent Data) and is exploitable without authentication or user interaction per its CVSS vector. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

WordPress Information Disclosure Apiexperts Square For Woocommerce
NVD
CVSS 3.1
8.3
EPSS
0.2%
EPSS 0% CVSS 8.5
HIGH This Week

Blind SQL injection in the APIExperts "Square for WooCommerce" (woosquare) WordPress plugin affects all versions up to and including 4.7.4, allowing an authenticated attacker to inject crafted SQL into a database query and infer or extract data via boolean/time-based blind techniques. The flaw was reported by Patchstack and carries a CVSS 3.1 score of 8.5; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because the CVSS vector specifies PR:L, exploitation requires an existing low-privileged authenticated session rather than fully anonymous access.

SQLi WordPress Apiexperts Square For Woocommerce
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Sensitive data exposure in the APIExperts Square for WooCommerce WordPress plugin (also known as woosquare) through version 4.7.3 allows remote attackers to retrieve embedded sensitive information that the plugin inserts into data it sends. Reported by Patchstack and rated CVSS 8.3, the flaw stems from CWE-201 (Insertion of Sensitive Information Into Sent Data) and is exploitable without authentication or user interaction per its CVSS vector. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

WordPress Information Disclosure Apiexperts Square For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy