SQL Injection Vulnerability in Mail Masta Plugin for WordPress
CVE-2017-6576

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Mail-masta
Vendor: CVE Published:; 9 March 2017

What is CVE-2017-6576?

A serious SQL injection vulnerability exists in the Mail Masta plugin for WordPress, specifically in the campaign-delete feature. This issue allows attackers with administrative access to manipulate database queries through the GET parameter 'id' in the campaign-delete.php file. Exploiting this vulnerability could lead to unauthorized access to sensitive database information, potentially compromising the entire WordPress installation. It is essential for users of Mail Masta to apply security updates and follow best practices to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/96783

vdb-entryx_refsource_BID

https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2017
Vulnerability Reserved
Mar 9, 2017