CVE-2026-1370
Time-Based SQL Injection in SIBS WooCommerce Plugin
Publication date: 2026-02-04
Last updated on: 2026-02-04
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sibs | woocommerce_payment_gateway | 2.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The SIBS WooCommerce payment gateway plugin for WordPress is vulnerable to time-based SQL injection via the 'referencedId' parameter. The plugin neither escapes this user-supplied value adequately nor builds the SQL query with proper preparation, so the value is spliced into the query text. As a result, authenticated users with Administrator-level access or higher can append additional SQL to the existing query.
Such an injection lets the attacker extract sensitive information from the database by inferring query results from response timing.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an authenticated administrator or higher-level user to perform unauthorized SQL queries on your database.
Such unauthorized queries can lead to the extraction of sensitive information stored in the database, potentially compromising confidential data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a time-based SQL Injection via the 'referencedId' parameter in the SIBS WooCommerce payment gateway plugin for WordPress. Detection would typically require monitoring for unusual SQL query behavior or attempts to inject SQL through this parameter.
Since the vulnerability requires authenticated attackers with Administrator-level access, detection could involve auditing administrator actions and monitoring HTTP requests to the plugin endpoints that include the 'referencedId' parameter.
Specific commands or tools to detect this vulnerability are not provided in the available resources.
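The page notes that detection would centre on monitoring requests carrying the 'referencedId' parameter but offers no concrete tooling. The following is an added example written for this page, not a tool from Wordfence or the SIBS project: it scans web-server access-log lines (constructed sample lines, combined log format) for requests whose 'referencedId' value does not match an expected reference shape, and labels out-of-shape values by the SQL tokens they contain. The reference format (letters, digits, hyphen, underscore) and the admin page path are assumptions, since the page does not state them.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed shape of a legitimate SIBS payment reference; the real format is not
# stated on the page, so adjust this allowlist to what the deployment actually emits.
EXPECTED_REF = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Tokens are only consulted once a value has already failed the allowlist above.
TIME_BASED_TOKENS = ("sleep", "benchmark", "pg_sleep", "waitfor")
GENERIC_SQL_TOKENS = ("'", '"', "--", "/*", " or ", " and ", "union", "select")

# Combined log format: client, ident, user, [timestamp], "METHOD target HTTP/x", status
REQUEST_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample traffic; the plugin page path is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Feb/2026:10:12:01 +0000] "GET /wp-admin/admin.php?page=sibs-orders&referencedId=ORD20260204A1 HTTP/1.1" 200 1532
10.0.0.7 - - [04/Feb/2026:10:12:09 +0000] "GET /wp-admin/admin.php?page=sibs-orders&referencedId=ORD2026%27%20AND%201%3D1 HTTP/1.1" 200 1532
10.0.0.7 - - [04/Feb/2026:10:12:31 +0000] "GET /wp-admin/admin.php?page=sibs-orders&referencedId=ORD2026%27%20and%20sleep%285%29--%20 HTTP/1.1" 200 1532
10.0.0.9 - - [04/Feb/2026:10:13:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44
"""


def classify_value(value: str) -> str:
    """Return 'ok' for an expected-shape reference, otherwise a coarse verdict."""
    if EXPECTED_REF.match(value):
        return "ok"
    lowered = value.lower()
    if any(tok in lowered for tok in TIME_BASED_TOKENS):
        return "time-based-sqli"
    if any(tok in lowered for tok in GENERIC_SQL_TOKENS):
        return "sqli-pattern"
    return "malformed"


def scan_access_log(text: str) -> list[dict]:
    """Yield one finding per request whose referencedId fails the allowlist."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        # parse_qs percent-decodes values, so the check runs on the decoded string
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for value in params.get("referencedId", []):
            verdict = classify_value(value)
            if verdict != "ok":
                findings.append({"ip": m["ip"], "timestamp": m["ts"],
                                 "value": value, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Because the plugin only exposes the flaw to administrators, pair this with a review of which accounts issued the flagged requests; a finding from an account that should not hold admin rights is the more important signal. Run it over the real access log in place of SAMPLE_LOG.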
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting administrator access to trusted users only, as the vulnerability requires Administrator-level privileges.
Additionally, monitoring and limiting the use of the 'referencedId' parameter in requests to the SIBS WooCommerce payment gateway plugin can help reduce risk.
Since the vulnerability is due to insufficient escaping and lack of proper SQL query preparation, updating the plugin to a version that fixes this issue (if available) is recommended.
No specific patch or update information is provided in the available resources.
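The explanation above attributes the flaw to a query built without escaping or preparation, and the mitigation advice points at a properly prepared query. The following added example, written for this page and not taken from the SIBS plugin, shows the two patterns side by side against an in-memory SQLite table that stands in for the plugin's order data (the table name and columns are assumptions). The vulnerable function splices 'referencedId' into the SQL text, so a single quote in the value breaks the statement; the hardened function binds the value as a parameter, which in WordPress corresponds to `$wpdb->prepare()` with a `%s` placeholder.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed stand-in for the plugin's order table; schema is an assumption."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sibs_orders (order_id INTEGER, referenced_id TEXT, amount REAL)"
    )
    conn.executemany(
        "INSERT INTO sibs_orders VALUES (?, ?, ?)",
        [(101, "ORD-1001", 19.90), (102, "ORD-1002", 5.00), (103, "ORD-1003", 120.00)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, referenced_id: str) -> list:
    """CWE-89 pattern: the untrusted value becomes part of the SQL statement itself."""
    sql = (
        "SELECT order_id, amount FROM sibs_orders WHERE referenced_id = '"
        + referenced_id
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, referenced_id: str) -> list:
    """Parameter binding: the value travels separately from the SQL, so it is only data.

    WordPress equivalent: $wpdb->get_results($wpdb->prepare(
        "SELECT order_id, amount FROM {$table} WHERE referenced_id = %s", $referenced_id))
    """
    return conn.execute(
        "SELECT order_id, amount FROM sibs_orders WHERE referenced_id = ?",
        (referenced_id,),
    ).fetchall()


def compare(referenced_id: str):
    """Run both lookups on a fresh table and return (vulnerable_result, hardened_result)."""
    conn = build_demo_db()
    try:
        vulnerable = lookup_vulnerable(conn, referenced_id)
    except sqlite3.OperationalError as exc:
        # The spliced quote altered the statement: SQL syntax came from user data.
        vulnerable = f"SQL error: {exc}"
    hardened = lookup_hardened(conn, referenced_id)
    conn.close()
    return vulnerable, hardened


if __name__ == "__main__":
    # A well-formed reference behaves identically in both versions.
    print(compare("ORD-1002"))
    # A value containing a quote changes the vulnerable statement's structure,
    # while the hardened query simply finds no matching row.
    print(compare("ORD-1002'"))
```

The point to take from the comparison is that escaping alone is fragile; binding parameters (or `$wpdb->prepare()` in a WordPress plugin) removes the class of bug rather than one payload, which is why the advice above to move to a fixed plugin version matters more than filtering the parameter.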