CVE-2024-8379

The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:wordpress:*:*

History

07 Oct 2024, 15:49

Type Values Removed Values Added
CWE CWE-89
CPE cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:wordpress:*:*
References () https://wpscan.com/vulnerability/a3463d5a-8215-4958-a6c0-039681c35a50/ - () https://wpscan.com/vulnerability/a3463d5a-8215-4958-a6c0-039681c35a50/ - Exploit, Third Party Advisory
First Time Stylemixthemes
Stylemixthemes cost Calculator Builder

01 Oct 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) El complemento Cost Calculator Builder de WordPress anterior a la versión 3.2.29 no desinfecta ni escapa correctamente un parámetro antes de usarlo en una declaración SQL, lo que genera una inyección SQL explotable por usuarios con un rol tan bajo como Administrador.

30 Sep 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 06:15

Updated : 2024-10-07 15:49


NVD link : CVE-2024-8379

Mitre link : CVE-2024-8379

CVE.ORG link : CVE-2024-8379


JSON object : View

Products Affected

stylemixthemes

  • cost_calculator_builder
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')