Fusion Builder Vulnerable to SQL Injection
CVE-2023-39309

8.5HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
28 March 2024

What is CVE-2023-39309?

An SQL Injection vulnerability exists in ThemeFusion's Fusion Builder, allowing attackers to manipulate SQL commands due to improper neutralization of special elements. This issue affects Fusion Builder versions from n/a through 3.11.1, making it possible for authenticated users to execute unauthorized SQL queries, potentially leading to data exposure or alteration.

Affected Version(s)

Fusion Builder <= 3.11.1

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
.
The Cyber Security Vulnerability Database.