CVE-2024-12157
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-12157 is a SQL injection vulnerability in the Popup – MailChimp, GetResponse and ActiveCampaign Integrations plugin for WordPress. It allows unauthenticated attackers to inject SQL into the plugin through the 'id' parameter of the 'upc_delete_db_record' AJAX action. Because user-supplied data is insufficiently escaped and the existing SQL query is not prepared, an attacker can append additional SQL queries to it and extract sensitive information from the database. The vulnerability poses a significant risk to websites running the plugin in versions up to and including 3.2.6. It is strongly recommended that users update to the latest version to mitigate this risk.
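The bug class described above, shown as an added example that is not the plugin's source code: a handler that concatenates the request's 'id' into a query, next to a hardened version that validates the value, binds it through a prepared statement, and requires an authenticated, authorized caller. The function names, the table name `upc_records`, the nonce action `upc_admin`, the `manage_options` capability and the use of `$_POST` are assumptions for illustration.

```php
<?php
// Added illustration. Hypothetical handlers, NOT the plugin's actual code.
// Assumed names: table "upc_records", nonce action "upc_admin", POST field "nonce".

// Vulnerable pattern: the request value is placed straight into the SQL text.
// No prepare(), no type check, no nonce or capability check.
function upc_example_delete_record_vulnerable() {
    global $wpdb;
    $id = $_POST['id']; // attacker-controlled string
    $wpdb->query( "DELETE FROM {$wpdb->prefix}upc_records WHERE id = $id" );
    wp_die();
}

// Hardened pattern.
function upc_example_delete_record_hardened() {
    global $wpdb;

    // 1. CSRF protection: stops the request if the nonce is missing or wrong.
    check_ajax_referer( 'upc_admin', 'nonce' );

    // 2. Authorization: deleting records is an administrative operation.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Validation: accept only a plain decimal integer.
    $raw = isset( $_POST['id'] ) ? wp_unslash( $_POST['id'] ) : '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // 4. Prepared statement: the value is bound as %d and never becomes SQL text.
    $wpdb->query(
        $wpdb->prepare(
            "DELETE FROM {$wpdb->prefix}upc_records WHERE id = %d",
            (int) $raw
        )
    );

    wp_send_json_success();
}

// Register for logged-in users only. Leaving out the wp_ajax_nopriv_ hook
// means unauthenticated requests never reach the handler.
add_action( 'wp_ajax_upc_delete_db_record', 'upc_example_delete_record_hardened' );
```

Any one of the three controls (integer validation, `%d` binding, or dropping the unauthenticated hook) closes the injection path on its own; applying all of them keeps the handler safe if one is later removed.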
Affected Products
- Popup Plugin