WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection
CVE-2023-49752

9.3 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 20 December 2023

Summary

A security flaw in the Adifier - Classified Ads WordPress Theme developed by Spoon allows attackers to manipulate SQL queries via improperly neutralized special elements. This vulnerability can lead to unauthorized access, data leakage, and potential control of affected systems if exploited. It primarily affects versions prior to 3.1.4, making it crucial for users to update to the latest version to ensure their sites remain secure.

Affected Version(s)

Adifier - Classified Ads WordPress Theme < 3.1.4

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

FearZzZz (Patchstack Alliance)