- Description: The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2, due to insufficient escaping of the user-supplied parameter and insufficient preparation of the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- security@wordfence.com: CWE-89
- Hype score: Not currently trending
CVE Alert: CVE-2024-12031 - https://t.co/ruHjXxF7k1 #OSINT #ThreatIntel #CyberSecurity #cve_2024_12031
@RedPacketSec
25 Dec 2024
CVE-2024-12031 SQL Injection in WordPress Advanced Floating Content Plugin (v3.8.2) The Advanced Floating Content plugin for WordPress has an issue. Up to version 3.8.2, it can suffer from an SQL Injection vulner... https://t.co/FQ5qMnzBBD
@VulmonFeeds
24 Dec 2024
CVE-2024-12031 The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and includ… https://t.co/o0eQILMUP9
@CVEnew
24 Dec 2024