CVE-2024-1203

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 13, 2024

Summary

CVE-2024-1203 is a vulnerability in the Conversios - Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress. The vulnerability allows for SQL Injection through the 'valueData' parameter in versions up to 6.9.1. This occurs due to insufficient escaping on the user-supplied parameter and lack of preparation on the existing SQL query. Authenticated attackers with subscriber-level access or higher can exploit this vulnerability to append additional SQL queries, potentially extracting sensitive information from the database. The base severity of this vulnerability is rated as HIGH, with a score of 8.8 out of 10, and it poses a significant risk to organizations utilizing this plugin.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1203 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options