CVE-2024-8679
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Published Dec 7, 2024
CWE ID 89
Summary
CVE-2024-8679 is a vulnerability affecting the Manage e-Digital Books Library plugin for WordPress. The issue lies in the 'owt_lib_handler' AJAX action, where the 'value' parameter is insufficiently escaped, allowing authenticated attackers with Administrator-level access to inject additional SQL queries. As a result, sensitive information can be extracted from the database. This vulnerability poses a serious risk for WordPress sites using this plugin, and it is recommended that users update to the latest version as soon as possible to mitigate the threat.