WPGrim Classic Editor and Classic Widgets Vulnerability to SQL Injection

CVE-2024-47312

8.5HIGH

Key Information

Vendor: WPgrim
Status: Classic Editor And Classic Widgets
Vendor: CVE Published:; 17 October 2024

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1.

Affected Version(s)

Classic Editor and Classic Widgets <= 1.4.1

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Oct 17, 2024
Vulnerability Reserved.
Sep 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

Hakiduck (Patchstack Alliance)