3 matches found
CVE-2024-3217 WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attributevalue' and 'attributeid' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-3217
CVE-2024-3217 affects WP Directory Kit for WordPress; the vulnerability is an SQL Injection via attribute_id and attribute_value in all versions up to 1.3.0 caused by insufficient escaping and query preparation. This allows an authenticated attacker with subscriber-level access or higher to injec...
WordPress WP Directory Kit Plugin <= 1.3.0 is vulnerable to SQL Injection
Software WP Directory Kit Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3217 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 19868a4ed5a4 Credits Lucio Sá Required privilege Subscriber Publishe...