WPGrim Classic Editor and Classic Widgets Vulnerability to SQL Injection
CVE-2024-47312

8.5HIGH

Key Information:

Vendor: WordPress
Status: Classic Editor And Classic Widgets
Vendor: CVE Published:; 17 October 2024

Summary

An SQL Injection vulnerability exists in the WPGrim Classic Editor and Classic Widgets, which allows attackers to manipulate SQL commands by improperly neutralizing special elements. This could lead to unauthorized access to database information and compromise the security of the WordPress installation. Affected users should apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Classic Editor and Classic Widgets <= 1.4.1

References

https://patchstack.com/database/vulnerability/classic-edi...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Hakiduck (Patchstack Alliance)