SQL Injection Vulnerability in GigPress Plugin for WordPress
CVE-2015-9353
7.2HIGH
Summary
The GigPress plugin for WordPress, prior to version 2.3.11, contains a vulnerability in its admin area that allows for SQL injection. This occurs when user input is improperly sanitized, potentially enabling an attacker to manipulate database queries. This could lead to unauthorized access to sensitive data or disruption of service, highlighting the importance of promptly updating to the latest version to mitigate security risks.
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved