exploitDog

CVE-2024-3265

Опубликовано: 25 апр. 2024

Источник: nvd

CVSS3: 4.7

EPSS Низкий

Описание

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.

Ссылки

https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:advance_search_project:advance_search:*:*:*:*:*:wordpress:*:*

Версия до 1.1.6 (включая)

EPSS

Процентиль: 30%

0.00113

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-fh99-9gvw-rw3c

CVSS3: 4.7

github

почти 2 года назад

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.

EPSS

Процентиль: 30%

0.00113

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-89