CVE-2024-54304

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Dec 13, 2024
CWE ID 89

Summary

CVE-2024-54304 is a newly disclosed SQL Injection vulnerability affecting the Hive Support plugin for WordPress Help Desk. The flaw, which allows the neutralization of special elements in SQL commands, could be exploited to execute malicious SQL queries. Successful attacks could lead to unauthorized access to sensitive data or even complete system takeover. The vulnerability impacts all versions of Hive Support from n/a through 1.1.2, making it crucial for users to apply the available patch promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share