CVE-2024-7717

NVD Published Date: August 31, 2024 at 09:15 AM
NVD Last Modified: September 03, 2024 at 12:59 PM
Vulnerability ID: CVE-2024-7717
Severity: HIGH
Severity Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-89
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -

Summary

The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.
