CVE-2024-3293 – The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to …

23 April 2024

Vuln ID: CVE-2024-3293

Published: 2024-04-23 02:15:48.390

Description: The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Base Score: 8.8 – HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

23 April 2024

Categorie(s):

NVD

Tag(s):

NVD

It may take decade to shore up software supply chain security, says infosec CEO3 May 2024
U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems3 May 2024
Top 5 Global Cyber Security Trends of 2023, According to Google Report3 May 2024
Stronger cybersecurity aimed by Menlo Security, Google Cloud collaboration3 May 2024
How Are APAC Tech Salaries Faring in 2024?3 May 2024