SQL Injection Flaw in ClickWhale Link Management Tool
CVE-2024-51715

8.5HIGH

Key Information:

Vendor: WordPress
Status: Clickwhale – Link Manager, Link Shortener And Click Tracker For Affiliate Links & Link Pages
Vendor: CVE Published:; 7 January 2025

Summary

An SQL Injection vulnerability has been identified in the ClickWhale Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages. This vulnerability allows for Blind SQL Injection, potentially enabling attackers to gain unauthorized access to sensitive data or manipulate the database underlying the application. The affected versions, from unspecified releases through 2.4.1, require prompt attention to ensure that database queries are properly sanitized, preventing exploitation.

Affected Version(s)

ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1

References

https://patchstack.com/database/wordpress/plugin/clickwha...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Oct 30, 2024

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)