CVE-2024-11437
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Summary
CVE-2024-11437 is a vulnerability affecting the Timeline Designer plugin for WordPress. This issue allows unauthenticated attackers to conduct SQL Injection attacks by exploiting insufficient escaping on the 's' parameter and the lack of sufficient preparation on existing SQL queries in all plugin versions up to 1.4. Attackers can manipulate these queries to inject their own malicious SQL commands, enabling the extraction of sensitive information from the database. WordPress users are strongly advised to update their Timeline Designer plugin to a secure version to mitigate this risk.
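The bug class described above (a request value reaching a query without `$wpdb->prepare()`), shown beside its corrected form. This is an added illustration, not code from the Timeline Designer plugin; the table name `example_timelines` and both function names are hypothetical.

```php
<?php
// Added illustration; NOT the Timeline Designer plugin's code.
// The table name and both function names below are hypothetical.

/**
 * Unsafe pattern: the 's' value is concatenated into the SQL string.
 * sanitize_text_field() strips tags and extra whitespace but does not
 * escape SQL metacharacters, so a quote in 's' changes the query structure.
 */
function example_search_unsafe() {
    global $wpdb;
    $s     = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';
    $table = $wpdb->prefix . 'example_timelines'; // hypothetical table
    return $wpdb->get_results(
        "SELECT id, title FROM {$table} WHERE title LIKE '%{$s}%'"
    );
}

/**
 * Hardened pattern: the value is bound as a %s placeholder through
 * $wpdb->prepare(), which quotes and escapes it as a single string literal.
 * $wpdb->esc_like() is applied first so that % and _ typed by the user
 * are matched literally instead of acting as LIKE wildcards.
 */
function example_search_prepared() {
    global $wpdb;
    $s     = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';
    $table = $wpdb->prefix . 'example_timelines'; // hypothetical table
    $like  = '%' . $wpdb->esc_like( $s ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, title FROM {$table} WHERE title LIKE %s",
            $like
        )
    );
}
```

When reviewing other plugins for the same flaw, look for `$wpdb->get_results()`, `get_var()`, `get_row()` or `query()` calls whose SQL string interpolates request data without passing through `prepare()`.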