The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Metrics
Affected Vendors & Products
References
History
Mon, 07 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-89 | |
CPEs | cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:wordpress:*:* |
Tue, 01 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Stylemixthemes
Stylemixthemes cost Calculator Builder |
|
CPEs | cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:*:*:* | |
Vendors & Products |
Stylemixthemes
Stylemixthemes cost Calculator Builder |
|
Metrics |
cvssV3_1
|
Mon, 30 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | |
Title | Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-30T06:00:07.069Z
Updated: 2024-10-01T14:13:20.982Z
Reserved: 2024-09-02T17:56:46.720Z
Link: CVE-2024-8379
Vulnrichment
Updated: 2024-10-01T14:13:15.527Z
NVD
Status : Analyzed
Published: 2024-09-30T06:15:14.697
Modified: 2024-10-07T15:49:54.653
Link: CVE-2024-8379
Redhat
No data.