SQL Injection Vulnerability in Advanced What Should We Write Next About Plugin
CVE-2024-55987
8.5 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 16 December 2024
Summary
CVE-2024-55987 is a high-severity SQL Injection vulnerability in the Advanced What Should We Write Next About plugin developed by Ritesh Sanap. The flaw is caused by improper neutralization of special elements used in SQL commands, which allows remote attackers to manipulate database queries. By exploiting it, attackers can execute arbitrary SQL commands, potentially compromising sensitive data stored in the database. All versions up to and including 1.0.3 are affected. Users of the affected plugin should apply the necessary security patches and updates to mitigate the risks associated with this vulnerability.
Affected Version(s)
Advanced What should we write next about <= 1.0.3
CVSS V3.1
Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
LVT-tholv2k (Patchstack Alliance)