4 matches found
CVE-2024-8484
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to SQL Injection
Software REST API TO MiniProgram Type Plugin Vulnerable versions = 4.7.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8484 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a9593ec18e0a Credits wesley wcraft Required privilege...