SQL Injection Vulnerability in Kama Clic Counter Plugin for WordPress
CVE-2017-18614

8.1HIGH

Key Information:

Vendor: Wordpress
Status: Kama Click Counter
Vendor: CVE Published:; 13 September 2019

Summary

The Kama Clic Counter plugin version 3.4.9 for WordPress is susceptible to an SQL injection attack due to improper validation of the 'order' parameter in admin.php. Attackers could exploit this vulnerability to execute arbitrary SQL queries against the database, potentially leading to unauthorized data access or manipulation. Site owners are advised to update to the latest plugin version to mitigate this security risk.

References

https://wordpress.org/plugins/kama-clic-counter/#developers

x_refsource_MISC

https://seclists.org/fulldisclosure/2017/Feb/67

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2019
Vulnerability Reserved
Sep 12, 2019