Sensitive Information at Risk: SQL Injection Vulnerability in Responsive Filterable Portfolio Plugin
CVE-2019-25221

6.5MEDIUM

Key Information:

Vendor: Nik00726
Status: Responsive Filterable Portfolio
Vendor: CVE Published:; 13 December 2024

Summary

The Responsive Filterable Portfolio plugin for WordPress is susceptible to SQL Injection attacks through the 'id' parameter in all versions up to 1.0.8. This vulnerability arises from inadequate escaping of user-supplied data and lack of proper SQL query preparation. As a result, unauthenticated attackers can manipulate existing SQL queries by injecting additional commands, potentially leading to unauthorized access and extraction of sensitive information from the database. Regular updates and proper configuration are crucial to mitigate such vulnerabilities.

Affected Version(s)

Responsive Filterable Portfolio * <= 1.0.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/responsive-filterable-portf...

https://plugins.trac.wordpress.org/changeset?old_path=/re...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 12, 2024

Credit

Ala Arfaoui