CVE-2024-12025

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 18, 2024
CWE ID 89

Summary

CVE-2024-12025 is a vulnerability affecting the Collapsing Categories plugin for WordPress. It allows unauthenticated attackers to perform SQL Injection by appending malicious queries to the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API endpoint. The issue arises from insufficient escaping of user-supplied input and the absence of prepared statements in the existing SQL queries. As a result, sensitive information can be extracted from the database. Versions up to and including 3.0.8 of the plugin are vulnerable to this issue.
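The following is an added illustration, not the plugin's own code, of how a public REST route of the shape described above can be written so that the 'taxonomy' value is validated before the handler runs and is bound through $wpdb->prepare() rather than concatenated into SQL. The route and parameter names follow the advisory; the query and the function name cc_example_get_terms are hypothetical.

```php
<?php
// Added example (not the plugin's code): a public REST route that looks up
// terms by taxonomy, written so the 'taxonomy' value never reaches SQL
// unvalidated. The query is a hypothetical stand-in for the plugin's own.

add_action( 'rest_api_init', function () {
    register_rest_route( 'collapsing-categories/v1', '/get', array(
        'methods'             => 'GET',
        'permission_callback' => '__return_true', // public endpoint, as in the advisory
        'args'                => array(
            'taxonomy' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_key',
                // Reject anything that is not a registered taxonomy slug
                // before the callback (and the database) ever sees it.
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && taxonomy_exists( $value );
                },
            ),
        ),
        'callback'            => 'cc_example_get_terms',
    ) );
} );

function cc_example_get_terms( WP_REST_Request $request ) {
    global $wpdb;
    $taxonomy = $request->get_param( 'taxonomy' );

    // Pattern the advisory describes: user input concatenated straight into
    // the SQL string, with no escaping and no prepare().
    //   $rows = $wpdb->get_results( "SELECT ... WHERE taxonomy = '$taxonomy'" );

    // Hardened form: the value is bound to a %s placeholder, so prepare()
    // quotes and escapes it and it cannot change the structure of the query.
    $sql = $wpdb->prepare(
        "SELECT t.term_id, t.name, t.slug, tt.parent, tt.count
           FROM {$wpdb->terms} t
           JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = t.term_id
          WHERE tt.taxonomy = %s",
        $taxonomy
    );
    $rows = $wpdb->get_results( $sql );

    // Equivalent without hand-written SQL: get_terms() validates the taxonomy
    // and builds its own prepared query.
    // $rows = get_terms( array( 'taxonomy' => $taxonomy, 'hide_empty' => false ) );

    return rest_ensure_response( $rows );
}
```

Whitelisting against taxonomy_exists() is the stronger control here, since it rejects unexpected input before any query is built; prepare() is the second layer for the case where a value must still reach SQL.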

