CVE-2024-54304
CVSS 3.1 Score 8.5 of 10 (high)
Details
Published Dec 13, 2024
CWE ID 89
Summary
CVE-2024-54304 is a newly disclosed SQL Injection vulnerability affecting the Hive Support plugin for WordPress Help Desk. The flaw, which allows the neutralization of special elements in SQL commands, could be exploited to execute malicious SQL queries. Successful attacks could lead to unauthorized access to sensitive data or even complete system takeover. The vulnerability impacts all versions of Hive Support from n/a through 1.1.2, making it crucial for users to apply the available patch promptly.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share