Description
The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks
Published: 2024-04-26
Score: 4.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00178}

 epss

{'score': 0.00181}

Wed, 07 May 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Enl Newsletter Plugin Project
Enl Newsletter Plugin Project enl-newsletter
CPEs cpe:2.3:a:enl_newsletter_plugin_project:enl-newsletter:*:*:*:*:*:wordpress:*:*
Vendors & Products Enl Newsletter Plugin Project
Enl Newsletter Plugin Project enl-newsletter

Subscriptions

Enl Newsletter Plugin Project Enl-newsletter
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-08-01T19:32:42.649Z

Reserved: 2024-03-28T20:35:49.358Z

Link: CVE-2024-3060

cve-icon Vulnrichment

Updated: 2024-08-01T19:32:42.649Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-26T05:15:50.397

Modified: 2025-05-07T18:05:58.957

Link: CVE-2024-3060

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses