Lucene search
K

4 matches found

NVD
NVD
added 2024/09/25 3:15 a.m.34 views

CVE-2024-8484

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.03792EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/09/25 2:5 a.m.14 views

CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS7.7AI score0.03792EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/09/25 2:5 a.m.40 views

CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.03792EPSS
Exploits1References3
Patchstack
Patchstack
added 2024/09/24 12:0 a.m.19 views

WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to SQL Injection

Software REST API TO MiniProgram Type Plugin Vulnerable versions = 4.7.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8484 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a9593ec18e0a Credits wesley wcraft Required privilege...

7.5CVSS9.5AI score0.03792EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder