Vulnerabilities

CVE-2024-0566

by Fred · 12/02/2024

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

More information : https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : HIGH
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 7.2
Base severity : HIGH
Exploitability score : 1.2
Impact score : 5.9

Similar

Tags: Cybersecurity Alert