SQL Injection Vulnerability in Easy Modal Plugin by WordPress
CVE-2017-12946

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Easy Modal
Vendor: CVE Published:; 18 August 2017

What is CVE-2017-12946?

The Easy Modal plugin for WordPress versions prior to 2.1.0 has a security flaw that allows an SQL injection attack via the delete action in the admin panel. This vulnerability can be exploited through the 'id', 'ids', or 'modal' parameters when sending requests to wp-admin/admin.php, enabling attackers with administrative privileges to execute unauthorized SQL commands and potentially compromise the website's database integrity.

References

https://wordpress.org/plugins/easy-modal/#developers

x_refsource_MISC

http://www.defensecode.com/advisories/DC-2017-01-007_Word...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 18, 2017

Wordpress

What is CVE-2017-12946?

References

CVSS V3.1

Timeline