3 matches found
CVE-2024-1514
creationtimestamp| type| source ---|---|--- 2024-03-14 19:27:03+00:00| seen| https://t.me/ctinow/208059...
CVE-2024-1514
CVE-2024-1514 affects the WP eCommerce plugin for WordPress. It allows time-based blind SQL injection via the cart_contents parameter in all versions up to 3.15.1 due to insufficient escaping and lack of prepared statements, enabling unauthenticated attackers to append SQL to existing queries to ...
WordPress WP eCommerce Plugin <= 3.15.1 is vulnerable to SQL Injection
Software WP eCommerce Type Plugin Vulnerable versions = 3.15.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1514 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID f754fed772bb Credits Krzysztof Zając Required privilege Unauthenticated...