WordPress Lodgix.com Vacation Rental Website Builder plugin <= 3.9.73 - SQL Injection vulnerability
CVE-2024-50539

8.5HIGH

Key Information:

Vendor: WordPress
Status: Lodgix.com Vacation Rental Website Builder
Vendor: CVE Published:; 9 November 2024

Summary

A security flaw has been identified in the Lodgix.com Vacation Rental Website Builder, characterized by the improper neutralization of special elements used in SQL commands. This vulnerability allows for SQL Injection attacks, which can permit an attacker to execute arbitrary SQL code. Affected versions of the product include those up to 3.9.73. Exploiting this vulnerability could potentially lead to unauthorized access to sensitive data, alterations in database information, and other malicious activities that compromise the integrity and security of the web application.

Affected Version(s)

Lodgix.com Vacation Rental Website Builder <= 3.9.73

References

https://patchstack.com/database/vulnerability/lodgixcom-v...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 24, 2024

Credit

LVT-tholv2k (Patchstack Alliance)