SQL Injection Risk in Tainacan Plugin for WordPress
CVE-2024-13236
6.5MEDIUM
What is CVE-2024-13236?
The Tainacan plugin for WordPress contains a vulnerability that allows authenticated users, with Subscriber-level access and above, to manipulate SQL queries through the 'collection_id' parameter. This exploitation occurs due to insufficient parameter escaping and inadequate preparation of the SQL query, enabling attackers to inject additional SQL commands. Such actions can lead to unauthorized access to sensitive database information, posing a significant risk to the integrity of the data managed by the plugin.
Affected Version(s)
Tainacan * <= 0.21.12