CVE-2024-0709

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 5, 2024
Updated: Feb 13, 2024
CWE ID 89

Summary

CVE-2024-0709: A vulnerability affects the Cryptocurrency Widgets plugin for WordPress in versions 2.0 to 2.6.5. An SQL Injection issue arises due to insufficient escaping on the 'coinslist' parameter and the lack of proper preparation of existing SQL queries. Unauthenticated attackers can exploit this vulnerability by appending malicious SQL queries into existing ones, potentially extracting sensitive information from the database.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share