CVE-2024-3060

CWE-89 — SQL Injection3 documents3 sources

Severity

4.5MEDIUM

EPSS

0.2%

top 60.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown ENL Newsletter ENL Newsletter Plugin Project Enl-newsletter

Timeline

PublishedApr 26

Description

The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

▶NVDenl_newsletter_plugin_project/enl-newsletter1.0.1

▶CVEListV5unknown/enl_newsletter1.0.1

🔴Vulnerability Details

GHSA

GHSA-w6rp-qpf9-cggq: The ENL Newsletter WordPress plugin through 1↗2024-04-26

▶

CVEList

ENL Newsletter <= 1.0.1 - Admin+ SQL Injection↗2024-04-26

▶