Lucene search

Japan Vulnerability NotesJVN:79213252

HistoryJun 07, 2024 - 12:00 a.m.

JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

2024-06-0700:00:00

Japan Vulnerability Notes

jvn.jp

sql injection

cwe-89

database security

wordpress plugin

music store

codepeople

update plugin

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

30.1%

JSON

WordPress Plugin “Music Store - WordPress eCommerce” provided by CodePeople contains an SQL injection vulnerability (CWE-89).

Impact

A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the user.

Solution

Update the plugin
Update the plugin to the latest version according to the information provided by the developer.

Products Affected

Music Store - WordPress eCommerce versions prior to 1.1.14

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

30.1%

JSON

Related for JVN:79213252