SQL Injection Vulnerability in Mail Masta Plugin for WordPress
CVE-2017-6573

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Mail-masta
Vendor: CVE Published:; 9 March 2017

What is CVE-2017-6573?

The Mail Masta plugin for WordPress is susceptible to a SQL injection vulnerability that can be exploited by authenticated users with admin privileges. Through inadequate input sanitization on the 'id' parameter in the edit-list.php file, attackers can craft malicious requests to manipulate database queries, potentially compromising sensitive information. It is vital for users of this plugin to prioritize security measures and apply patches or updates to mitigate the risks associated with this flaw.

References

http://www.securityfocus.com/bid/96783

vdb-entryx_refsource_BID

https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2017
Vulnerability Reserved
Mar 9, 2017