Blind SQL Injection Vulnerability in WP Mailster
CVE-2024-53807
9.8CRITICAL
What is CVE-2024-53807?
An SQL Injection vulnerability exists in WP Mailster, a plugin developed by Brandtoss. This flaw arises from the improper neutralization of special elements in SQL commands, allowing for blind SQL injection attacks. Attackers can exploit this vulnerability to execute arbitrary SQL queries, which may lead to unauthorized access to sensitive data or even full database compromise. Versions impacted include all versions prior to 1.8.16.0, as highlighted in the security advisory. It is crucial for users of this plugin to apply necessary updates and mitigations to safeguard their installations against potential exploitation.
Affected Version(s)
WP Mailster <= 1.8.16.0