SQL Injection Vulnerability Affects MoveTo from n/a to 6.2
CVE-2024-25910

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Moveto
Vendor: CVE Published:; 28 February 2024

Summary

An SQL Injection vulnerability exists in the Skymoonlabs MoveTo plugin, enabling an attacker to manipulate SQL commands by exploiting improper neutralization of special elements. This vulnerability affects all versions of the MoveTo plugin from an unknown release up to version 6.2. If exploited, it may allow unauthorized users to execute arbitrary SQL queries against the database, potentially leading to data disclosure, data modification, or even complete compromise of the underlying system. Users of the MoveTo plugin are advised to review their installations and apply any available security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

MoveTo <= 6.2

References

https://patchstack.com/database/vulnerability/moveto/word...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

Dave Jong (Patchstack)