The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-06-13T06:00:02.892Z
Updated: 2024-08-01T20:33:52.569Z
Reserved: 2024-04-24T20:08:32.926Z
Link: CVE-2024-4145
Vulnrichment
Updated: 2024-08-01T20:33:52.569Z
NVD
Status : Modified
Published: 2024-06-13T06:15:11.920
Modified: 2024-07-03T02:07:08.133
Link: CVE-2024-4145
Redhat
No data.