exploitDog

CVE-2025-28983

Опубликовано: 04 июл. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.

Ссылки

https://patchstack.com/database/wordpress/plugin/click-pledge-connect/vulnerability/wordpress-click-pledge-connect-plugin-25-04010101-wp6-8-privilege-escalation-via-sql-injection-vulnerability?_s_id=cve

EPSS

Процентиль: 12%

0.00041

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-3rxm-qjgx-2m73

CVSS3: 9.8

github

7 месяцев назад

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.

EPSS

Процентиль: 12%

0.00041

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89