SQL Injection Vulnerability in WatuPRO Plugin by WordPress
CVE-2017-9834

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Watupro
Vendor: CVE Published:; 7 September 2017

What is CVE-2017-9834?

A SQL injection vulnerability exists in the WatuPRO plugin for WordPress, which allows remote attackers to inject and execute arbitrary SQL commands through the 'watupro_questions' parameter during a 'watupro_submit' action. This security flaw can compromise the database and lead to unauthorized data exposure or manipulation. It is critical for users of versions prior to 5.5.3.7 to update to safeguard against potential attacks exploiting this weakness.

References

https://wpvulndb.com/vulnerabilities/8897

x_refsource_MISC

https://www.exploit-db.com/exploits/42291/

exploitx_refsource_EXPLOIT-DB

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2017
Vulnerability Reserved
Jun 23, 2017

Wordpress

What is CVE-2017-9834?

References

EPSS Score

CVSS V3.1

Timeline