Lucene search

Apple502jPATCHSTACK:5C9E3C0519973290F85E27CA2E6B3BF2

HistoryMay 31, 2021 - 12:00 a.m.

WordPress Yes/No Chart plugin <= 1.0.11 - Authenticated Blind SQL Injection (SQLi) vulnerability

2021-05-3100:00:00

Apple502j

patchstack.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Authenticated Blind SQL Injection (SQLi) vulnerability discovered by Apple502j in WordPress Yes/No Chart plugin (versions <= 1.0.11).

Solution

           Update the WordPress Yes/No Chart plugin to the latest available version (at least 1.0.12).

CPENameOperatorVersion
yes/no chartle1.0.11

CPE	Name	Operator	Version
	yes/no chart	le	1.0.11

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24360

wordpress.org/plugins/yesno/#developers

wpscan.com/vulnerability/d9586453-cc5c-4d26-bb45-a6370c9427fe

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for PATCHSTACK:5C9E3C0519973290F85E27CA2E6B3BF2