cleantalk
Vulnerabilities and Security Researches

WooCommerce, CVE-2021-32790

CVE, Research URL

CVE-2021-32790

Home page URL

Security reports for WooCommerce

Application

WooCommerce

Published on
Jul 26, 2021
Research Description
Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing API. Read-only SQL queries can be executed using this exploit, while data will not be returned, by carefully crafting `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a patch for this vulnerability. There are no known workarounds other than upgrading.
Affected versions
Min -, max 6.6.0.
Status
vulnerable
Previous vulnerability researches
WooCommerce Checkout Field Manager (CVE-2022-4328) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2021-24952) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2022-46797) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2025-30909) , Apr 02, 2025
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2023-51357) , Jun 10, 2024
New vulnerability
Music Player for Elementor – Audio Player & Podcast Player (CVE-2025-5340) , Jun 03, 2025
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-4631) , Jun 03, 2025
FastSpring (CVE-2025-4595) , Jun 02, 2025
Real Time Validation for Gravity Forms (CVE-2025-48330) , Jun 02, 2025
EU/UK VAT Manager for WooCommerce (CVE-2025-47504) , Jun 02, 2025