SQL Injection Vulnerability in ENL Newsletter WordPress Plugin
CVE-2024-3060

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 26 April 2024

What is CVE-2024-3060?

The ENL Newsletter plugin for WordPress, specifically version 1.0.1, is susceptible to SQL injection attacks due to a flaw in how it handles user input. The plugin fails to sanitize and escape parameters before incorporating them into SQL statements. This oversight allows an administrator with additional privileges to execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive data, manipulation of the WordPress database, and complete compromise of the site’s security. Website administrators using the affected version should prioritize implementing security measures to mitigate this vulnerability and protect their database environments.

Timeline

  • Vulnerability published

The Cyber Security Vulnerability Database.