CVE-2024-11437

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 89

Summary

CVE-2024-11437 is a vulnerability affecting the Timeline Designer plugin for WordPress. This issue allows unauthenticated attackers to conduct SQL Injection attacks by exploiting insufficient escaping on the 's' parameter and the lack of sufficient preparation on existing SQL queries in all plugin versions up to 1.4. Attackers can manipulate these queries to inject their own malicious SQL commands, enabling the extraction of sensitive information from the database. WordPress users are strongly advised to update their Timeline Designer plugin to a secure version to mitigate this risk.
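The two weaknesses named in the summary (insufficient escaping of 's' and a query that is not prepared) can be seen side by side in the sketch below. It is an added illustration, not code from the Timeline Designer plugin: the function names and the example_timelines table are hypothetical, and only the WordPress core calls ($wpdb->prepare, $wpdb->esc_like, sanitize_text_field, wp_unslash) are real APIs.

```php
<?php
// Added illustration. Function names and the "example_timelines" table are
// hypothetical; they are not taken from the plugin's source.

/**
 * Weak pattern: the request value is concatenated into the SQL string,
 * so whatever arrives in 's' becomes part of the statement text itself.
 */
function example_timeline_search_unprepared( $wpdb ) {
    $s = isset( $_GET['s'] ) ? $_GET['s'] : '';

    return $wpdb->get_results(
        "SELECT id, title FROM {$wpdb->prefix}example_timelines
         WHERE title LIKE '%" . $s . "%'"
    );
}

/**
 * Corrected pattern: the statement text is fixed and the value is bound
 * through a %s placeholder, so it is always handled as data.
 */
function example_timeline_search_prepared( $wpdb ) {
    // Undo WordPress's added slashes, then strip tags and control characters.
    $s = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';

    // esc_like() escapes the LIKE wildcards (% and _) in the user value only;
    // the surrounding wildcards are added afterwards, outside the SQL text.
    $like = '%' . $wpdb->esc_like( $s ) . '%';

    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, title FROM {$wpdb->prefix}example_timelines
             WHERE title LIKE %s",
            $like
        )
    );
}
```

When reviewing a plugin for this class of bug, any $wpdb->get_results(), get_var(), get_row() or query() call whose SQL string contains a variable derived from the request and is not wrapped in $wpdb->prepare() deserves the same treatment.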
