CVE-2024-7607

NVD Published Date: August 29, 2024 at 11:15 AM
NVD Last Modified: August 30, 2024 at 03:41 PM
Vulnerability ID: CVE-2024-7607
Severity: HIGH
Severity Score: 8.8
Summary: The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-89
