SQL Injection Vulnerability in SSL Wireless SMS Notification by SSL Wireless
CVE-2024-56284

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Ssl Wireless Sms Notification
Vendor: CVE Published:; 7 January 2025

Summary

A vulnerability has been identified in the SSL Wireless SMS Notification plugin that allows for improper neutralization of special elements in SQL commands, leading to SQL Injection attacks. This issue poses a risk to any system using versions from n/a to 3.5.0, enabling attackers to potentially manipulate database queries, gain unauthorized access, and extract sensitive information. Users of the SSL Wireless SMS Notification should update to the latest version to mitigate this risk.

Affected Version(s)

SSL Wireless SMS Notification <= 3.5.0

References

https://patchstack.com/database/wordpress/plugin/ssl-wire...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

LVT-tholv2k (Patchstack Alliance)