{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-54815: WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-54815","status":"final","version":"1","initial_release_date":"2026-06-17T13:40:03.283Z","current_release_date":"2026-06-17T14:52:13.496Z","revision_history":[{"date":"2026-06-17T13:40:03.283Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection.\n\nThis issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-54815 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-54815"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-54815"},{"category":"external","summary":"patchstack.com","url":"https://patchstack.com/database/wordpress/plugin/cargo-shipping-location-for-woocommerce/vulnerability/wordpress-cargo-shipping-location-for-woocommerce-plugin-5-6-sql-injection-vulnerability?_s_id=cve"}]},"product_tree":{"branches":[{"category":"vendor","name":"Cargo RD","branches":[{"category":"product_name","name":"Cargo Shipping Location for WooCommerce","branches":[{"category":"product_version_range","name":">=n/a <=5.6","product":{"name":"Cargo RD Cargo Shipping Location for WooCommerce >=n/a <=5.6","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:cargo_rd:cargo_shipping_location_for_woocommerce:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-54815","title":"WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability","notes":[{"category":"description","text":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection.\n\nThis issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}