5 matches found
CVE-2024-3552
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based...
CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based...
CVE-2024-3552
CVE-2024-3552 affects the Web Directory Free WordPress plugin prior to 1.7.0. An unauthenticated AJAX action uses an unsanitised parameter in a SQL statement, enabling SQL injection via UNION, time-based, and error-based techniques, potentially compromising the database. The nuclei template confi...
CVE-2024-3552
creationtimestamp| type| source ---|---|--- 2024-05-27 15:40:31+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/7435...
WordPress Web Directory Free Plugin < 1.7.0 is vulnerable to SQL Injection
Software Web Directory Free Type Plugin Vulnerable versions 1.7.0 Fixed in 1.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3552 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 93c3a72f236f Credits Simone Onofri Kim Cerra Andrea De Dominicis...