Fusion Builder Vulnerable to SQL Injection
CVE-2023-39309

8.5HIGH

Key Information:

Vendor: WordPress
Status: Fusion Builder
Vendor: CVE Published:; 28 March 2024

Summary

An SQL Injection vulnerability exists in ThemeFusion's Fusion Builder, allowing attackers to manipulate SQL commands due to improper neutralization of special elements. This issue affects Fusion Builder versions from n/a through 3.11.1, making it possible for authenticated users to execute unauthorized SQL queries, potentially leading to data exposure or alteration.

Affected Version(s)

Fusion Builder <= 3.11.1

References

https://patchstack.com/database/vulnerability/fusion-buil...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Jul 27, 2023

Credit

Rafie Muhammad (Patchstack)