Time-Based SQL Injection Vulnerability in WordPress Plugin
CVE-2024-7607
8.8HIGH
What is CVE-2024-7607?
The Front End Users plugin for WordPress is susceptible to time-based SQL Injection due to inadequate escaping of the user-supplied āorderā parameter, impacting all versions up to and including 3.2.28. Authenticated users with Contributor-level access or above can exploit this vulnerability to inject additional SQL queries into existing ones. This could lead to unauthorized access to sensitive database information, posing significant risks to the integrity and confidentiality of user data.
Affected Version(s)
Front End Users * <= 3.2.28