SQL Injection Vulnerability in ENL Newsletter WordPress Plugin
CVE-2024-3060
Currently unrated
What is CVE-2024-3060?
The ENL Newsletter plugin for WordPress, specifically version 1.0.1, is susceptible to SQL injection attacks due to a flaw in how it handles user input. The plugin fails to sanitize and escape parameters before incorporating them into SQL statements. This oversight allows an administrator with additional privileges to execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive data, manipulation of the WordPress database, and complete compromise of the site’s security. Website administrators using the affected version should prioritize implementing security measures to mitigate this vulnerability and protect their database environments.
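The class of flaw described above, shown beside its corrected form, as an added example that is not the ENL Newsletter plugin's code. The function names, the `example_subscribers` table, the `id` and `orderby` parameters and the nonce action are hypothetical, and the code assumes it is loaded inside WordPress, where `$wpdb` and the helper functions exist.

```php
<?php
// Added illustration with hypothetical names; not taken from the affected plugin.

// Vulnerable pattern: a request parameter is concatenated into the statement,
// so its content is parsed as SQL rather than treated as data.
function example_list_subscribers_unsafe() {
    global $wpdb;
    $id = $_GET['id']; // no validation, no escaping
    return $wpdb->get_results(
        "SELECT id, email FROM {$wpdb->prefix}example_subscribers WHERE list_id = $id"
    );
}

// Hardened pattern: capability and nonce checks, typed input, a bound
// placeholder for the value, and an allow-list for the ORDER BY column,
// which a value placeholder cannot protect.
function example_list_subscribers_safe() {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_list_subscribers' ); // hypothetical nonce action

    // Force the identifier to a non-negative integer before it reaches SQL.
    $list_id = isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0;

    // Column names come only from a fixed list; anything else falls back to 'id'.
    $allowed = array( 'id', 'email', 'created_at' );
    $orderby = isset( $_GET['orderby'] ) ? sanitize_key( wp_unslash( $_GET['orderby'] ) ) : 'id';
    if ( ! in_array( $orderby, $allowed, true ) ) {
        $orderby = 'id';
    }

    // prepare() binds the value through %d; $orderby is safe to interpolate
    // only because it was matched against the allow-list above.
    $sql = $wpdb->prepare(
        "SELECT id, email FROM {$wpdb->prefix}example_subscribers
         WHERE list_id = %d ORDER BY {$orderby} ASC",
        $list_id
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin for this class of flaw, search for `$wpdb->query`, `get_results`, `get_row` and `get_var` calls whose SQL string contains an interpolated variable and is not wrapped in `$wpdb->prepare()`.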