SQL Injection Vulnerability in Easy Modal Plugin for WordPress
CVE-2017-12947

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Easy Modal
Vendor: CVE Published:; 18 August 2017

What is CVE-2017-12947?

The Easy Modal plugin prior to version 2.1.0 for WordPress contains a SQL injection vulnerability in the modals.php file. This issue arises during an untrash action using the id, ids, or modal parameter, which can be exploited by users with administrative privileges. When exploited, this flaw can compromise the database, allowing attackers to manipulate query results and access sensitive information.

References

https://wordpress.org/plugins/easy-modal/#developers

x_refsource_MISC

http://www.defensecode.com/advisories/DC-2017-01-007_Word...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 18, 2017

Wordpress

What is CVE-2017-12947?

References

CVSS V3.1

Timeline