3 matches found
CVE-2024-0405 Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...
CVE-2024-0405
The CVE-2024-0405 entry concerns Burst Statistics – Privacy-Friendly Analytics for WordPress (plugin), version 1.5.3, vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in /wp-json/burst/v1/data/compare (parameters include browser, device, page_id, page_url, platform, ref...
WordPress Burst Statistics Plugin <= 1.5.3 is vulnerable to SQL Injection
Software Burst Statistics Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.5.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0405 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 5b21f7530708 Credits Ivan Spiridonov xbz0n Required privilege Editor...