WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection
CVE-2023-49750
9.3CRITICAL
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 19 December 2023
Summary
The Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress theme is susceptible to SQL Injection attacks due to improper neutralization of special elements in SQL commands. This vulnerability can allow attackers to manipulate database queries, potentially leading to unauthorized access and data breaches. The issue affects versions of the Couponis theme prior to version 2.2, making it crucial for users to update their installations to prevent exploitation.
Affected Version(s)
Couponis - Affiliate & Submitting Coupons WordPress Theme < 2.2
References
CVSS V3.1
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
FearZzZz (Patchstack Alliance)