{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0678", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-07T17:45:17.514Z", "datePublished": "2026-01-14T05:28:08.115Z", "dateUpdated": "2026-04-08T16:50:48.852Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:50:48.852Z"}, "affected": [{"vendor": "logiceverest", "product": "Shipping Rates by City for WooCommerce", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "title": "Shipping Rates by City for WooCommerce <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ada476b-6978-4c38-a5d3-67266a709a3e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/flat-shipping-rate-by-city-for-woocommerce/trunk/shipping-method-class.php#L154"}, {"url": "https://plugins.trac.wordpress.org/browser/flat-shipping-rate-by-city-for-woocommerce/tags/1.0.3/shipping-method-class.php#L154"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Truong"}], "timeline": [{"time": "2026-01-13T16:50:20.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-15T18:46:54.742105Z", "id": "CVE-2026-0678", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T14:28:15.251Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0678", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-15T18:46:54.742105Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T18:59:55.791Z"}}], "cna": {"title": "Shipping Rates by City for WooCommerce <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Truong"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "logiceverest", "product": "Shipping Rates by City for WooCommerce", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-13T16:50:20.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ada476b-6978-4c38-a5d3-67266a709a3e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/flat-shipping-rate-by-city-for-woocommerce/trunk/shipping-method-class.php#L154"}, {"url": "https://plugins.trac.wordpress.org/browser/flat-shipping-rate-by-city-for-woocommerce/tags/1.0.3/shipping-method-class.php#L154"}], "descriptions": [{"lang": "en", "value": "The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:50:48.852Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0678", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:50:48.852Z", "dateReserved": "2026-01-07T17:45:17.514Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-14T05:28:08.115Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El plugin Flat Shipping Rate by City for WooCommerce para WordPress es vulnerable a inyecci\u00f3n SQL basada en tiempo a trav\u00e9s del par\u00e1metro 'cities' en todas las versiones hasta la 1.0.3, inclusive, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados, con acceso de nivel de 'Shop Manager' o superior, a\u00f1adan consultas SQL adicionales a consultas ya existentes que pueden ser utilizadas para extraer informaci\u00f3n sensible de la base de datos."}], "id": "CVE-2026-0678", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-14T06:15:55.197", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/flat-shipping-rate-by-city-for-woocommerce/tags/1.0.3/shipping-method-class.php#L154"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/flat-shipping-rate-by-city-for-woocommerce/trunk/shipping-method-class.php#L154"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ada476b-6978-4c38-a5d3-67266a709a3e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T02:11:08.717587+00:00", "value": {"mitigation_remediation": ["Upgrade the plugin to the latest available version or disable it if no update exists.", "Restrict or remove Shop Manager\u2011level users or grant them only the minimal permissions required for their duties, and review the plugin\u2019s administrative interfaces for unnecessary exposure.", "Ensure WordPress database credentials have the least privilege necessary, and validate and sanitize all user input on the server side."], "summary": {"action": "Patch Now", "impact": "SQL Injection allowing extraction of sensitive database information"}, "threat_synthesis": {"affected_systems": "The affected product is the logiceverest Shipping Rates by City for WooCommerce plugin for WordPress. Versions 1.0.3 and any earlier releases are impacted. WordPress sites that have installed these releases and have users with Shop Manager or higher privileges are at risk.", "description_and_impact": "The Flat Shipping Rate by City for WooCommerce plugin is vulnerable to a time\u2011based SQL injection via the 'cities' parameter. The flaw stems from insufficient input escaping and the absence of prepared statements. This weakness, identified as CWE\u201189, permits an authenticated attacker with Shop Manager\u2011level access or higher to append malicious SQL to the existing query, potentially retrieving confidential data from the WordPress database.", "risk_and_exploitability": "The CVSS score of 4.9 denotes a medium severity, and the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires authenticated access; attackers must obtain or compromise a Shop Manager\u2013level account or a higher\u2011privileged account. No publicly available exploits are documented, but the low EPSS does not rule out targeted attempts against WooCommerce installations."}}}}, "created": "2026-01-14T10:48:50.872579+00:00", "updated": "2026-04-16T02:15:21.336616+00:00", "vendors": ["logiceverest", "logiceverest$PRODUCT$flat_shipping_rate_by_city_for_woocommerce", "woocommerce", "woocommerce$PRODUCT$woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}