Sensitive Information at Risk: SQL Injection Vulnerability in Responsive Filterable Portfolio Plugin
CVE-2019-25221

6.5MEDIUM

Key Information:

Vendor

Wordpress
Status
Responsive Filterable Portfolio
Vendor
CVE Published:
13 December 2024

What is CVE-2019-25221?

The Responsive Filterable Portfolio plugin for WordPress is susceptible to SQL Injection attacks through the 'id' parameter in all versions up to 1.0.8. This vulnerability arises from inadequate escaping of user-supplied data and lack of proper SQL query preparation. As a result, unauthenticated attackers can manipulate existing SQL queries by injecting additional commands, potentially leading to unauthorized access and extraction of sensitive information from the database. Regular updates and proper configuration are crucial to mitigate such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Responsive Filterable Portfolio * <= 1.0.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/responsive-filterable-portf...
https://plugins.trac.wordpress.org/changeset?old_path=/re...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ala Arfaoui
JSON
.