← voltar
CVE-2024-3265

WP Advanced Search <= 1.1.6 - Admin+ SQL Injection

CVSS 4.7 MEDIUMEPSS 0.4%
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.7EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 abr 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L