CVE-2024-13435

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 12, 2025

Updated: Feb 25, 2025

CWE ID 89

Summary

CVE-2024-13435: The Ebook Downloader plugin for WordPress, affecting versions up to and including 1.0, contains a critical SQL Injection vulnerability. Attackers can exploit this flaw by injecting malicious SQL queries through the 'download' parameter without proper escaping. Consequently, unauthenticated assailants can manipulate existing SQL queries, potentially exposing sensitive data from the WordPress database.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2gQOPk
https://www.cve.org/CVERecord?id=CVE-2024-13435
https://nvd.nist.gov/vuln/detail/CVE-2024-13435

Back to Vulnerability Database

CVE-2024-13435

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations