Unauthenticated SQL Injection Vulnerability in Themify WooCommerce Product Filter Plugin
CVE-2024-6027

7.5HIGH

Key Information:

Vendor

Wordpress
Status
Themify – WooCommerce Product Filter
Vendor
CVE Published:
21 June 2024

Badges

πŸ“° News Worthy

What is CVE-2024-6027?

The article discusses a critical vulnerability, CVE-2024-6027, in the Themify WooCommerce Product Filter plugin for WordPress, allowing for unauthenticated SQL injection attacks. The vulnerability affects all versions up to 1.4.9. The potential impact includes the extraction of sensitive information from the database, and while there are no known exploits or ransomware attacks targeting this vulnerability, it is important for users to update to the latest version to safeguard their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Themify – WooCommerce Product Filter * <= 1.4.9

News Articles

favicon imageCyber Security Informer

Top Cyber Security Informer Security Defenses CISO Content for Fri.Jun 21, 2024

Best content around Security Defenses CISO selected by the Cyber Security Informer community.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/themify-wc-pro...
https://themify.org/changelogs/themify-wc-product-filter.txt

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by Cyber Security Informer

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arkadiusz Hydzik
JSON
.