WordPress Simple HTML Sitemap Plugin Vulnerable to SQL Injection
CVE-2024-7385
7.2HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 25 September 2024
What is CVE-2024-7385?
The Simple HTML Sitemap plugin for WordPress is exposed to SQL Injection attacks due to inadequate parameter escaping on the 'id' parameter and a failure to properly prepare existing SQL queries. This vulnerability allows authenticated users with Administrator-level access and above to insert harmful SQL queries into valid ones, potentially leading to unauthorized exposure of sensitive database information. Website administrators should review their configurations and implement necessary updates to mitigate risks associated with this plugin.
Affected Version(s)
WordPress Simple HTML Sitemap * <= 3.1