CVE-2024-12270

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 7, 2024
CWE ID 89

Summary

CVE-2024-12270 is a vulnerability affecting the Beautiful Taxonomy Filters plugin for WordPress. The issue lies in the absence of proper escaping and query preparation for the 'selects[0][term]' parameter. Consequently, unauthenticated attackers can inject additional SQL queries into existing ones, potentially extracting sensitive information from the database. This vulnerability puts WordPress sites using the Beautiful Taxonomy Filters plugin version 2.4.3 and below at risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share