CVE-2024-3552 in Web Directory Free Plugininfo

Summary

by MITRE • 06/13/2024

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

04/09/2024

Disclosure

06/13/2024

Moderation

accepted

Entry

VDB-266239

CPE

ready

CWE

CWE-89 (confirmed)

CVSS

7.3 (VulDB)

EPSS

0.67288

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-3552
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-3552
CVE Details	https://www.cvedetails.com/cve/CVE-2024-3552/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!