WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection
CVE-2023-50845

7.6HIGH

Key Information:

Vendor
Wordpress
Status
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
Vendor
CVE Published:
28 December 2023

Summary

A significant security flaw has been identified in the GeoDirectory – WordPress Business Directory Plugin developed by AyeCode. This vulnerability arises from improper neutralization of special elements that are used within SQL commands, leading to potential SQL Injection attacks. Attackers may exploit this flaw to gain unauthorized access to sensitive data or to manipulate database queries. The issue impacts versions ranging from not available (n/a) up to 2.3.28, necessitating immediate attention from website administrators to mitigate risks and secure their platforms.

Affected Version(s)

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.28

References

https://patchstack.com/database/vulnerability/geodirector...
vdb-entry

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Daffa (Patchstack Alliance)
.