Overview
- Description
- The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection
- Source
- contact@wpscan.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getcloudsms:joy_of_text_lite:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "7F4CB018-61A1-49A4-A94F-736CD1554C7C",
"versionEndExcluding": "2.3.1"
}
],
"operator": "OR"
}
]
}
]