SQL Injection Vulnerability Affects WP-Recall
CVE-2024-32709
9.3CRITICAL
Summary
An SQL Injection vulnerability exists in the WP-Recall plugin developed by Plechev Andrey. This issue arises from improper neutralization of special elements used in SQL commands, making versions from n/a up to 16.26.5 susceptible to exploitation. Attackers may exploit this vulnerability to manipulate SQL queries, potentially compromising the security of WordPress installations using the affected plugin. Implement recommended security measures and update to secure versions to mitigate the risks.
Affected Version(s)
WP-Recall <= 16.26.5
References
EPSS Score
90% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
LVT-tholv2k (Patchstack Alliance)