CVE-2024-47312 – Classic Editor and Classic Widgets

Published : 2024-10-17

Title: WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 – SQL Injection vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1.

CWE

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS

Score	Severity	Version	Vector String
8.5	HIGH	3.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Vendor : n/a

Product: Classic Editor and Classic Widgets

Vulnerable Versions: n/a through 1.4.1

Proof of Concept:

REDACTED

Vulnerability found by: DFEND Security Researcher

References:

– https://patchstack.com/database/vulnerability/classic-editor-and-classic-widgets/wordpress-classic-editor-and-classic-widgets-plugin-1-4-1-sql-injection-vulnerability?_s_id=cve

Gallery

Contacts

CVE-2024-47312 – Classic Editor and Classic Widgets

Description

DFEND S.R.L.

CONTATTI

Gallery

Contacts

Description

CVE-2024-47306 – Secure Copy Content Protection and Content Locking

CVE-2024-49244 – CSV Product Import Export for WooCommerce

DFEND S.R.L.

CONTATTI