CVE-2026-0678
Time-Based SQL Injection in WooCommerce Flat Shipping Rate Plugin
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | flat_shipping_rate_by_city_for_woocommerce | up to and including 1.0.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is a time-based SQL Injection in the Flat Shipping Rate by City for WooCommerce WordPress plugin (up to version 1.0.3). It occurs via the 'cities' parameter due to insufficient escaping and lack of prepared statements in SQL queries. Authenticated users with Shop Manager-level access or higher can inject additional SQL queries into existing ones, potentially extracting sensitive database information. [2, 3]
How can this vulnerability impact me?
This vulnerability allows attackers with Shop Manager-level access or above to perform SQL Injection attacks, which can lead to unauthorized extraction of sensitive information from the database. This could compromise customer data, shipping rates, and other stored information, potentially leading to data breaches and loss of trust.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or suspicious SQL queries involving the 'cities' parameter in the Flat Shipping Rate by City for WooCommerce plugin. Because the flaw is a time-based SQL injection via the 'cities' parameter, detection can include inspecting HTTP requests to the WordPress site for POST or GET requests whose 'cities' parameter carries suspicious payloads. Web server logs or network traffic analysis tools can be used to filter such requests; for example, `grep -i 'cities=' /path/to/access.log` lists requests containing the 'cities' parameter. Monitoring database query logs for unexpected or concatenated SQL statements involving city names can also help. Note that no specific detection commands are provided in the resources. [2, 3]
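The grep above only tells you that the parameter was used, not whether the value looks like a city list or like an injection attempt. The following Python scanner is an added example (not code from the page, from Wordfence, or from the plugin) that parses combined-format access-log lines, pulls the `cities` query parameter, and grades each value: time-based indicators (`SLEEP(`, `BENCHMARK(`, `WAITFOR DELAY`) are flagged as high confidence, while bare quotes or comment markers are flagged as low confidence, because a legitimate city such as O'Fallon contains an apostrophe. The log lines and the admin page path `/wp-admin/admin.php?page=flat-shipping-rate` are constructed for the example; the real request path is not given on this page. One caveat the page's grep suggestion does not mention: standard access logs record only the query string, so a `cities` value sent in a POST body will not appear here and needs request-body logging or a WAF to inspect.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache/nginx combined log format (not a real server log).
# The admin page slug is an assumption, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jan/2026:10:01:02 +0000] "GET /wp-admin/admin.php?page=flat-shipping-rate&cities=Berlin%2CMunich HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Jan/2026:10:01:30 +0000] "GET /wp-admin/admin.php?page=flat-shipping-rate&cities=Berlin%27+AND+SLEEP%285%29--+ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2026:10:02:11 +0000] "GET /shop/?s=boots HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Jan/2026:10:02:40 +0000] "GET /wp-admin/admin.php?page=flat-shipping-rate&cities=O%27Fallon HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Jan/2026:10:03:45 +0000] "GET /wp-admin/admin.php?page=flat-shipping-rate&cities=x%27%29+OR+BENCHMARK%281000000%2CMD5%281%29%29%23 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# High-confidence indicators of time-based injection (MySQL, PostgreSQL, MSSQL spellings).
TIME_BASED_RE = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP)\s*\(|\bWAITFOR\s+DELAY\b", re.IGNORECASE)

# Low-confidence indicators: quote characters and comment markers. These also occur
# in legitimate names, so they are reported separately for triage rather than as alerts.
SQL_META_RE = re.compile(r"['\";]|--|/\*|#")


def parse_line(line):
    """Parse one combined-format line; return a dict with decoded query params, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # parse_qs percent-decodes values and turns '+' into spaces, so the
    # indicator regexes run against what the application actually received.
    rec["query"] = parse_qs(urlsplit(rec["target"]).query, keep_blank_values=True)
    return rec


def classify_cities(values):
    """Grade a list of 'cities' values: 'time-based', 'sql-meta', or None when clean."""
    verdict = None
    for v in values:
        if TIME_BASED_RE.search(v):
            return "time-based"
        if SQL_META_RE.search(v):
            verdict = "sql-meta"  # keep looking in case another value is stronger
    return verdict


def scan_log(text):
    """Return one finding per request whose 'cities' parameter looks suspicious."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or "cities" not in rec["query"]:
            continue
        verdict = classify_cities(rec["query"]["cities"])
        if verdict is not None:
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "verdict": verdict,
                "cities": rec["query"]["cities"],
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['verdict']:10s} cities={f['cities']}")
```

Run against a real log with `scan_log(open("/path/to/access.log").read())`; the two `time-based` findings in the sample are the ones worth an alert, while the `sql-meta` hit on `O'Fallon` shows why a quote alone should route to triage rather than paging anyone.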
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting which accounts hold Shop Manager-level access or above, since only authenticated users with such privileges can exploit the vulnerability. Disabling or uninstalling the Flat Shipping Rate by City for WooCommerce plugin until a patched version is available is also recommended. Applying input validation and sanitization beyond `sanitize_text_field`, and using prepared statements for all SQL queries that involve user input, especially the 'cities' parameter, will mitigate the risk. Monitoring and limiting use of the vulnerable plugin's features in the admin interface can further reduce exposure. Because the root cause is unsafe SQL query construction, updating the plugin code to use parameterized queries is essential; if a patch is available, apply it immediately. [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows authenticated attackers with Shop Manager-level access to perform time-based SQL Injection attacks that can extract sensitive information from the database. Such unauthorized access and data extraction could lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding sensitive personal and health information. Therefore, exploitation of this vulnerability may result in non-compliance with these standards due to potential data breaches and inadequate protection of sensitive data. [2, 3]