Описание
The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.0 (включая) до 4.0.2 (включая)
cpe:2.3:a:wp_bannerize_project:wp_bannerize:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 69%
0.00608
Низкий
6.5 Medium
CVSS3
7.7 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2.
EPSS
Процентиль: 69%
0.00608
Низкий
6.5 Medium
CVSS3
7.7 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89
CWE-89