Unauthenticated SQL Injection Vulnerability in Themify WooCommerce Product Filter Plugin
CVE-2024-6027

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Themify – WooCommerce Product Filter
Vendor: CVE Published:; 21 June 2024

Badges

📰 News Worthy

Summary

The article discusses a critical vulnerability, CVE-2024-6027, in the Themify WooCommerce Product Filter plugin for WordPress, allowing for unauthenticated SQL injection attacks. The vulnerability affects all versions up to 1.4.9. The potential impact includes the extraction of sensitive information from the database, and while there are no known exploits or ransomware attacks targeting this vulnerability, it is important for users to update to the latest version to safeguard their systems.

Affected Version(s)

Themify – WooCommerce Product Filter * <= 1.4.9

News Articles

Cyber Security Informer

CVE-2024-28397 CVE-2024-6027

Top Cyber Security Informer Security Defenses CISO Content for Fri.Jun 21, 2024

Best content around Security Defenses CISO selected by the Cyber Security Informer community.

7 months ago

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/themify-wc-pro...

https://themify.org/changelogs/themify-wc-product-filter.txt

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by Cyber Security Informer
Jun 24, 2024
Vulnerability published
Jun 21, 2024
Vulnerability Reserved
Jun 14, 2024

Credit

Arkadiusz Hydzik

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Top Cyber Security Informer Security Defenses CISO Content for Fri.Jun 21, 2024

References

CVSS V3.1

Timeline

Credit