CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile: 33.2%

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques or, in some cases, an error-based or union-based technique.

Vendor | Product | Version | CPE |
---|---|---|---|
swit | wp_sessions_time_monitoring_full_automatic | * | cpe:2.3:a:swit:wp_sessions_time_monitoring_full_automatic:*:*:*:*:*:wordpress:*:* |

[
  {
    "vendor": "Unknown",
    "product": "WP Sessions Time Monitoring Full Automatic",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.0.9"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]