CVE-2024-11260
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published: Feb 21, 2025
Updated: Feb 25, 2025
CWE ID 89
Summary
CVE-2024-11260 is a SQL injection vulnerability in the Events Manager plugin for WordPress, versions up to 6.6.3. Attackers can exploit it by injecting malicious SQL through the active_status parameter, which is insufficiently escaped and prepared. Unauthenticated attackers can append additional SQL queries to existing ones and extract sensitive information from the database. The flaw stems from the plugin's failure to properly validate and sanitize user-supplied data, increasing the risk of data breaches.