CVE-2024-13341
MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - Authenticated (Subscriber+) SQL InjectionThe MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
We have discovered 70 live websites that are affected by CVE-2024-13341.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 70 live websites (100% of WooCommerce Multi Locations Inventory Management install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')Details
- Published - Feb 1, 2025
- Updated - Feb 3, 2025
Credits
- Aiden (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-13341 United States | 22 websites |
 Canada | 6 websites |
 Chile | 5 websites |
 South Africa | 4 websites |
 Indonesia | 3 websites |
 Russia | 3 websites |
 Australia | 2 websites |
 Belgium | 2 websites |
 France | 2 websites |
 Kazakhstan | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2024-13341| .com | 31 websites |
| .ca | 3 websites |
| .com.au | 3 websites |
| .ru | 2 websites |
| .be | 1 websites |
| .com.br | 1 websites |
| .cz | 1 websites |
| .eu | 1 websites |
| .fr | 1 websites |
| .it | 1 websites |
Websites affected by CVE-2024-13341
Top websites that are affected by CVE-2024-13341. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****************.com | United States | **,*** | |
| ******.com | United States | ***,*** | |
| ***************.com | United States | *,***,*** | |
| **********.com | United States | *,***,*** | |
| ***************.com | Canada | *,***,*** | |
| **************.com | United States | *,***,*** | |
| ******.com |  Germany | *,***,*** | |
| ********.cc | Belgium | *,***,*** | |
| *******.com | United States | *,***,*** | |
| *******.it |  Italy | *,***,*** |
FAQ
CVE-2024-13341 is Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in WooCommerce Multi Locations Inventory Management
A total of 70 websites have been identified as vulnerable to CVE-2024-13341, based on global website indexing conducted by WebTechSurvey.
The WooCommerce Multi Locations Inventory Management is affected by the CVE-2024-13341 vulnerability.
WooCommerce Multi Locations Inventory Management versions up to and including 4.1.11 are vulnerable to CVE-2024-13341.