SQL Injection Vulnerability in WordPress Auction Plugin
CVE-2024-51615

9.3CRITICAL

Key Information:

Vendor: Wordpress
Status: WordPress Auction Plugin
Vendor: CVE Published:; 6 December 2024

Summary

An SQL Injection vulnerability exists in the WordPress Auction Plugin developed by Owen Cutajar and Hyder Jaffari. This flaw allows attackers to exploit improper neutralization of special elements used in SQL commands, posing a significant risk to WordPress sites utilizing this plugin. The vulnerability potentially enables unauthorized access to sensitive data and manipulation of the database, leading to severe security breaches. It affects all versions of the plugin up to and including version 3.7, necessitating prompt updates and security measures to mitigate the associated risks.

Affected Version(s)

WordPress Auction Plugin <= 3.7

References

https://patchstack.com/database/wordpress/plugin/wp-aucti...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Oct 30, 2024

Credit

Hakiduck (Patchstack Alliance)