I Recommend This Plugin dot-irecommendthis.php sql injection
CVE-2014-125099

6.3MEDIUM

Key Information:

Vendor
Wordpress
Status
I Recommend This Plugin
Vendor
CVE Published:
20 April 2023

Summary

A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.

Affected Version(s)

I Recommend This Plugin 3.7.0

I Recommend This Plugin 3.7.1

I Recommend This Plugin 3.7.2

References

https://vuldb.com/?id.226309
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226309
signaturepermissions-required
https://github.com/wp-plugins/i-recommend-this/commit/058...
patch

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.