CVE-2024-11437

Summary

CVE-2024-11437 is a vulnerability affecting the Timeline Designer plugin for WordPress. This issue allows unauthenticated attackers to inject SQL queries into the plugin through the 's' parameter. The vulnerability stems from insufficient escaping of user-supplied data and a lack of sufficient preparation of existing SQL queries. As a result, attackers can extract sensitive information from the database by appending malicious SQL code to the plugin's queries. WordPress users running affected versions of the Timeline Designer plugin (up to and including version 1.4) are advised to update to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.