SQL Injection Vulnerability in VibeThemes VibeBP Plugin
CVE-2024-56041
8.5HIGH
Summary
An SQL Injection vulnerability in the VibeBP plugin by VibeThemes can allow attackers to manipulate database queries, potentially compromising sensitive data and leading to unauthorized operations. This vulnerability affects versions of the VibeBP plugin prior to 1.9.9.5.1, which do not adequately sanitize user inputs. As a result, users may be exposed to serious security risks if updates and best security practices are not implemented.
Affected Version(s)
VibeBP < 1.9.9.5.1
References
CVSS V3.1
Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)