Lucene search

PatchstackCVELIST:CVE-2024-34386

HistoryMay 06, 2024 - 6:15 p.m.

CVE-2024-34386 WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability

2024-05-0618:15:00

CWE-89

Patchstack

www.cve.org

wordpress

sql injection

cve-2024-34386

lucian apostol

auto affiliate links

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

8.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-auto-affiliate-links",
    "product": "Auto Affiliate Links",
    "vendor": "Lucian Apostol",
    "versions": [
      {
        "changes": [
          {
            "at": "6.4.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.4.3.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-auto-affiliate-links/wordpress-auto-affiliate-links-plugin-6-4-3-1-sql-injection-vulnerability?_s_id=cve

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

8.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-34386