Overview
- Description
- The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL injection vulnerability exploitable by high-privilege users.
- Source
- contact@wpscan.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- contact@wpscan.com
- CWE-89
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wpmanageninja:fluent_support:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52F4EDCA-9CDF-405E-B765-F044C495196B",
            "versionEndExcluding": "1.5.8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]