SQL Injection Vulnerability in Hero Maps Premium Plugin for WordPress
CVE-2024-13781
6.5MEDIUM
What is CVE-2024-13781?
The Hero Maps Premium plugin for WordPress is susceptible to an SQL Injection vulnerability due to inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. This flaw allows authenticated attackers with Subscriber-level access or higher to inject additional SQL queries, potentially leading to the exposure of sensitive data from the database. This type of vulnerability poses significant risks, including data breaches and unauthorized access to critical information.
Affected Version(s)
Hero Maps Premium * <= 2.3.9