The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:tezzeract:league_of_legends_shortcodes:*:*:*:*:*:wordpress:*:* |
Fri, 25 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tezzeract
Tezzeract league Of Legends Shortcodes |
|
CPEs | cpe:2.3:a:tezzeract:league_of_legends_shortcodes:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tezzeract
Tezzeract league Of Legends Shortcodes |
|
Metrics |
ssvc
|
Fri, 25 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |
Title | League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) SQL Injection via Shortcode | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-10-25T07:37:57.703Z
Updated: 2024-10-25T20:24:06.158Z
Reserved: 2024-10-24T12:34:37.272Z
Link: CVE-2024-10341
Vulnrichment
Updated: 2024-10-25T20:23:59.037Z
NVD
Status : Analyzed
Published: 2024-10-25T08:15:02.467
Modified: 2024-11-05T17:51:44.597
Link: CVE-2024-10341
Redhat
No data.