Lucene search

CVE-2024-6265

🗓️ 29 Jun 2024 05:03:15Reported by [email protected]Type

The UsersWP plugin for WordPress is vulnerable to time-based SQL Injection via the 'uwp_sort_by' parameter in all versions up to, and including, 1.2.10

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
CVE	CVE-2024-6265	29 Jun 202405:15	–	cve
Patchstack	WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection	1 Jul 202400:00	–	patchstack
Vulnrichment	CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'	29 Jun 202404:33	–	vulnrichment
Cvelist	CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'	29 Jun 202404:33	–	cvelist
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 24, 2024 to June 30, 2024)	3 Jul 202415:31	–	wordfence

Nvd

Node

ayecode userswpRange<1.2.11wordpress

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3106884/
plugins	www.plugins.trac.wordpress.org/browser/userswp/tags/1.2.10/admin/settings/class-uwp-settings-user-sorting.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/37fd0582-5baf-4ced-a798-dc0970e90a3e

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Jun 2024 05:15Current

CVSS39.8

EPSS0.02009

CWE-89