Secure Your Database from SQL Injection Vulnerabilities
CVE-2024-8621

6.5 MEDIUM

Key Information:

Vendor
WordPress
CVE Published:
25 September 2024

Summary

The Daily Prayer Time plugin for WordPress has a security flaw allowing SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode. This vulnerability arises from inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. Authenticated attackers with Contributor-level access or higher can exploit this issue to inject additional SQL queries. The exploitation may lead to unauthorized access to sensitive data stored within the database, putting user and site information at risk. Immediate action is advised to mitigate potential exploits.
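
The mitigation for the flaw class described in the summary, as an added example: this is not the Daily Prayer Time plugin's code, and the shortcode name `example_quran_verse`, the table `example_verses`, its columns and the 500-word cap are all hypothetical. It validates the shortcode attribute as a number and binds it through `$wpdb->prepare()`, and is meant to be loaded as a WordPress plugin file.

```php
<?php
/**
 * Added example: hypothetical shortcode handler, not the plugin's own code.
 * Table "example_verses" and columns "verse" / "word_count" are assumptions.
 */
function example_quran_verse_shortcode( $atts ) {
    global $wpdb;

    // Merge user-supplied attributes with defaults; unknown attributes are dropped.
    $atts = shortcode_atts( array( 'max_word' => 20 ), $atts, 'example_quran_verse' );

    // Unsafe pattern (what the summary describes): the attribute is pasted
    // into the SQL text, so whatever a Contributor types becomes part of the query.
    // $sql = "SELECT verse FROM {$table} WHERE word_count <= " . $atts['max_word'];

    // 1. Validate: a word limit is a non-negative integer. Anything that is
    //    not all digits (including the empty string) is rejected outright.
    $raw = trim( (string) $atts['max_word'] );
    if ( ! ctype_digit( $raw ) ) {
        return '';
    }
    $max_word = min( (int) $raw, 500 ); // constructed upper bound

    // 2. Prepare: the value is bound with a %d placeholder, so it can only
    //    ever reach the database as an integer literal.
    $table = $wpdb->prefix . 'example_verses'; // fixed name, never user input
    $verse = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT verse FROM {$table} WHERE word_count <= %d ORDER BY RAND() LIMIT 1",
            $max_word
        )
    );

    // 3. Escape on output: shortcode return values are rendered into the page.
    return null === $verse ? '' : esc_html( $verse );
}
add_shortcode( 'example_quran_verse', 'example_quran_verse_shortcode' );
```

When reviewing other shortcode handlers for the same defect, look for `$atts[...]` values that reach `$wpdb->query()`, `get_var()`, `get_results()` or `get_row()` without passing through `$wpdb->prepare()`.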

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published
