3 matches found
CVE-2024-2344
The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticted...
CVE-2024-2344
CVE-2024-2344 (Avada Theme for WordPress) : SQL Injection via the 'entry' parameter affects all versions up to 7.11.6. Root cause: insufficient escaping of user input and inadequate preparation of the existing SQL query. Exploitation requires editor-level access or higher (authenticated). Impact ...
WordPress Avada Theme <= 7.11.6 is vulnerable to SQL Injection
Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2344 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 15fee136284a Credits Muhammad Zeeshan Xib3rR4dAr Required privilege Administrato...