CVE-2024-0709
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Feb 5, 2024
Updated: Feb 13, 2024
CWE ID 89
Summary
CVE-2024-0709: A vulnerability affects the Cryptocurrency Widgets plugin for WordPress in versions 2.0 to 2.6.5. An SQL Injection issue arises due to insufficient escaping on the 'coinslist' parameter and the lack of proper preparation of existing SQL queries. Unauthenticated attackers can exploit this vulnerability by appending malicious SQL queries into existing ones, potentially extracting sensitive information from the database.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share