Description
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 6.8 (exclusive)
cpe:2.3:a:mandsconsulting:email_before_download:*:*:*:*:*:wordpress:*:*
EPSS: 0.00703 (Low), percentile: 72%
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-89
Related vulnerabilities
github
about 4 years ago
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues
EPSS: 0.00703 (Low), percentile: 72%
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-89