CVE-2024-13369

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 18, 2025

Updated: Feb 21, 2025

CWE ID 89

Summary

CVE-2024-13369 is a vulnerability affecting the Tour Master plugin used in WordPress for tour booking, travel, and hotel services. This issue allows authenticated attackers with Subscriber-level access or higher to perform time-based SQL injections by manipulating the 'review_id' parameter. Insufficient escaping on user-supplied data and a lack of proper SQL query preparation lead to the vulnerability. Attackers can exploit this flaw to extract sensitive information from the database by appending malicious SQL queries to existing ones. All versions up to and including 5.3.6 are vulnerable.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2cQwJ-
https://www.cve.org/CVERecord?id=CVE-2024-13369
https://nvd.nist.gov/vuln/detail/CVE-2024-13369

Back to Vulnerability Database

CVE-2024-13369

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations