SQL Injection Vulnerability in Pressaholic WordPress Video Robot by Pressaholic
CVE-2024-52431

9.3 CRITICAL

What is CVE-2024-52431?

A vulnerability has been identified in the Pressaholic WordPress Video Robot - The Ultimate Video Importer plugin, where improper neutralization of special elements in SQL commands allows for SQL Injection attacks. This flaw poses significant risks as it can enable attackers to manipulate database queries, potentially leading to unauthorized access, data breaches, and further exploitation of the affected system. The vulnerability affects all versions of the plugin up to and including 1.20.0, necessitating prompt action for users to secure their WordPress installations.

Affected Version(s)

WordPress Video Robot - The Ultimate Video Importer: versions <= 1.20.0

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published
