SQL Injection Vulnerability in WP Post Author by AF Themes
CVE-2024-56247

7.2HIGH

Key Information:

Vendor: WordPress
Status: WP Post Author
Vendor: CVE Published:; 2 January 2025

Summary

A vulnerability exists in the WP Post Author plugin by AF Themes, where improper neutralization of special elements used in SQL commands can lead to SQL injection attacks. This flaw enables attackers to manipulate SQL queries and potentially access, modify, or delete sensitive data. Users of the affected versions should implement security measures to mitigate risk and ensure the integrity of their applications.

Affected Version(s)

WP Post Author <= 3.8.2

References

https://patchstack.com/database/wordpress/plugin/wp-post-...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

NAWardRox (Patchstack Alliance)