Home

Description

The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

PUBLISHED Reserved 2024-09-09 | Published 2024-10-21 | Updated 2024-10-21 | Assigner WPScan

Problem types

CWE-89 SQL Injection

Product status

Default status
unaffected

Any version before 2.4.0
affected

Credits

Chu Quoc Khanh finder

WPScan coordinator

References

wpscan.com/...rability/ab4d7065-4ea2-4233-9593-0f540f91f45e/ exploit vdb-entry technical-description

cve.org (CVE-2024-8625)

nvd.nist.gov (CVE-2024-8625)

Download JSON