CVE-2024-27956

CRITICAL9.9

Public PoCHigh EPSS

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

Low

Affected products

ValvePress / Automaticn/a – 3.92.0

Exploits & PoCs

nucleiWordPress Automatic Plugin <= 3.92.0 - SQL Injectionby DhiyaneshDK

References

MISChttps://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve
MISChttps://patchstack.com/articles/critical-vulnerabilities-patched-in-wordpress-automatic-plugin?_s_id=cve