Blind SQL Injection Vulnerability in Barcode Scanner and Inventory Manager for WordPress
CVE-2024-2661

8.8HIGH

Key Information:

Vendor

Wordpress
Status
Barcode Scanner And Inventory Manager. Pos (point Of Sale) – Scan Barcodes & Create Orders With Barcode Reader.
Vendor
CVE Published:
2 May 2024

What is CVE-2024-2661?

The Barcode Scanner and Inventory Manager plugin for WordPress is susceptible to a blind SQL injection vulnerability caused by inadequate escaping of user-supplied parameters. This vulnerability specifically exists in the ‘currentIds’ parameter and impacts all versions up to and including 1.5.4. An authenticated attacker with subscriber-level access or higher can exploit this weakness to inject additional SQL queries into existing database queries. This exploitation can potentially lead to unauthorized access and extraction of sensitive information from the database, posing a considerable risk to the integrity of the web application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. * <= 1.5.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/barcode-scanne...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis
JSON
.