SQL Injection Vulnerability in Just Writing Statistics by GregRoss
CVE-2024-56250

7.6HIGH

Key Information:

Vendor: WordPress
Status: Just Writing Statistics
Vendor: CVE Published:; 2 January 2025

Summary

An SQL Injection vulnerability exists in Just Writing Statistics developed by GregRoss, allowing attackers to manipulate SQL commands through improper neutralization of special elements. This affects versions from n/a up to 4.7, potentially allowing unauthorized access to database information. Proper validation and sanitization measures are necessary to mitigate the risk associated with this vulnerability.

Affected Version(s)

Just Writing Statistics <= 4.7

References

https://patchstack.com/database/wordpress/plugin/just-wri...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

l8BL (Patchstack Alliance)