CVE-2024-50465 – Premium SEO Pack
Published : 2024-10-28
Title: WordPress Premium SEO Pack plugin <= 1.6.001 – SQL Injection vulnerability
Description
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 1.6.001.
CWE
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CVSS
| Score | Severity | Version | Vector String |
| 8.5 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L |
Vendor : n/a
Product: Premium SEO Pack
Vulnerable Versions: n/a through 1.6.001
Proof of Concept:
REDACTEDVulnerability found by: DFEND Security Researcher
References:
– https://patchstack.com/database/vulnerability/premium-seo-pack/wordpress-premium-seo-pack-plugin-1-6-001-sql-injection-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-50465