SQL Injection Vulnerability Affects Find Duplicates
CVE-2024-32127

8.8HIGH

Key Information:

Vendor

WordPress
Status
Find Duplicates
Vendor
CVE Published:
15 April 2024

What is CVE-2024-32127?

The vulnerability in the Find Duplicates plugin for WordPress arises from improper neutralization of special elements used in SQL commands, allowing attackers to execute arbitrary SQL queries. This SQL Injection can be exploited to manipulate database queries, potentially compromising sensitive data within affected installations. Users of versions up to 1.4.6 should take immediate action to mitigate this vulnerability by updating to the latest version and reviewing security protocols to prevent unauthorized database access.

Affected Version(s)

Find Duplicates <= 1.4.6

References

https://patchstack.com/database/vulnerability/find-duplic...
vdb-entry

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Le Ngoc Anh (Patchstack Alliance)
.