Time-Based SQL Injection Vulnerability in WP Post Author Plugin
CVE-2024-8757
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 12 October 2024
What is CVE-2024-8757?
The WP Post Author plugin for WordPress contains a vulnerability that allows authenticated users with Administrator-level access and above to exploit a time-based SQL Injection via the linked_user_id parameter. Due to insufficient escaping of user-supplied parameters and inadequate preparation in the SQL query, attackers can append additional SQL queries to extract sensitive information from the WordPress database. This vulnerability affects all versions of the WP Post Author plugin up to and including version 3.8.1, potentially leading to unauthorized data exposure.
Affected Version(s)
WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder * <= 3.8.1