Clearsale Total
Unauthenticated SQL injection in the ClearSale Total WordPress plugin (all versions through 3.4.2) allows remote attackers to extract sensitive database contents via the pagseguro[metodo] POST parameter of the clearsale_total_push AJAX action. The flaw is reachable without authentication because the nopriv AJAX handler ships with a commented-out die() in the nonce-failure branch, so a failed nonce check does not stop execution, and on PHP < 8.0 loose type juggling bypasses the switch/case integer guard. No public exploit was identified at the time of analysis, and the vulnerability is not listed in CISA KEV.
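As an added illustration (not the plugin's own code), the two defects the advisory describes, sketched as a weak AJAX handler beside a hardened one; the action and parameter names come from the advisory, while the nonce action, table name and column are placeholders:

```php
<?php
// Hypothetical sketch of the pattern described above; not the plugin's source.
// Table name, column and nonce action are placeholders.

// Weak handler: nonce failure falls through, and switch compares with ==.
function clearsale_total_push_weak() {
    global $wpdb;
    if ( ! wp_verify_nonce( $_POST['nonce'] ?? '', 'clearsale_total_push' ) ) {
        // die(); // commented out, so a failed nonce check does not stop here
    }
    $metodo = $_POST['pagseguro']['metodo'] ?? '';
    // switch uses loose comparison: on PHP < 8.0 a string that merely starts
    // with "1" still satisfies `case 1`, so the integer guard is not a guard.
    switch ( $metodo ) {
        case 1:
        case 2:
            // the untrusted string reaches the query unparameterised
            $rows = $wpdb->get_results(
                "SELECT * FROM {$wpdb->prefix}placeholder_table WHERE metodo = $metodo"
            );
            wp_send_json( $rows );
    }
    wp_send_json_error( 'bad method' );
}

// Hardened handler: fail closed on the nonce, enforce an integer, parameterise.
function clearsale_total_push_hardened() {
    global $wpdb;
    check_ajax_referer( 'clearsale_total_push', 'nonce' ); // dies with 403 on failure
    $raw = $_POST['pagseguro']['metodo'] ?? '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        wp_send_json_error( 'bad method', 400 ); // reject anything that is not all digits
    }
    $metodo = (int) $raw;
    if ( ! in_array( $metodo, array( 1, 2 ), true ) ) { // strict (===) allow-list
        wp_send_json_error( 'bad method', 400 );
    }
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}placeholder_table WHERE metodo = %d",
            $metodo
        )
    );
    wp_send_json( $rows );
}

add_action( 'wp_ajax_clearsale_total_push', 'clearsale_total_push_hardened' );
add_action( 'wp_ajax_nopriv_clearsale_total_push', 'clearsale_total_push_hardened' );
```

A nonce adds little protection to a genuinely unauthenticated endpoint, since WordPress generates it for user 0; a gateway push callback should additionally verify the gateway's own signature or shared token before touching the database.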