Описание
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.0 (исключая)
cpe:2.3:a:wpdataaccess:wp_data_access:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 67%
0.00546
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
около 4 лет назад
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion
EPSS
Процентиль: 67%
0.00546
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89