Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in postMash - custom post order
CVE-2024-25927

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Postmash – Custom Post Order
Vendor: CVE Published:; 28 February 2024

What is CVE-2024-25927?

A SQL Injection vulnerability in the postMash – Custom Post Order plugin, developed by Joel Starnes, allows attackers to manipulate SQL queries. This vulnerability affects versions from n/a through 1.2.0, potentially enabling unauthorized access to sensitive database information. Proper sanitization of user inputs is crucial to prevent exploitation, as attackers could exploit the flaw to execute arbitrary SQL code, leading to data exposure or modification.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

postMash – custom post order <= 1.2.0

References

https://patchstack.com/database/vulnerability/postmash/wo...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

Dimas Maulana (Patchstack Alliance)

JSON

WordPress

What is CVE-2024-25927?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.