Squirrly SEO Plugin Vulnerable to SQL Injection Attacks
CVE-2024-43286

8.5HIGH

Key Information:

Vendor: WordPress
Status: Seo Plugin By Squirrly Seo
Vendor: CVE Published:; 18 August 2024

Summary

An SQL Injection vulnerability exists in the Squirrly SEO Plugin, a widely used tool for optimizing SEO performance on WordPress sites. This vulnerability arises from improper neutralization of special elements used in SQL commands, allowing attackers to inject malicious SQL queries. If exploited, the flaw can lead to unauthorized access to sensitive data and manipulation of the database. Users of the Squirrly SEO Plugin, particularly those using versions from n/a through 12.3.19, are at risk and should take steps to mitigate potential attacks.

Affected Version(s)

SEO Plugin by Squirrly SEO <= 12.3.19

References

https://patchstack.com/database/vulnerability/squirrly-se...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 18, 2024
Vulnerability Reserved
Aug 9, 2024

Credit

Rafie Muhammad (Patchstack)