CVSS 3.1 Score 8.8 of 10 (high)


Published Feb 7, 2024
Updated: Feb 10, 2024


CVE-2024-1118 is a vulnerability in the Podlove Subscribe button plugin for WordPress that affects all versions up to and including 1.3.10. It is classified as a UNION-based SQL injection, which allows authenticated attackers with contributor-level access or higher to inject additional SQL queries into existing queries, potentially leading to the extraction of sensitive information from the database. Remediation involves updating the Podlove Subscribe button plugin to a version that addresses the issue. The vulnerability poses a high risk to organizations because it can be exploited to compromise the confidentiality and integrity of their database.
