Lucene search
WPScanCVE-2024-8379HistorySep 30, 2024 - 6:15 a.m.
CVE-2024-8379
2024-09-3006:15:14
WPScan
web.nvd.nist.gov
6
cost calculator
wordpress
sql injection
admin role
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0
Percentile
9.6%
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Affected configurations
Node
stylemixthemescost_calculator_builderRange<3.2.29wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| stylemixthemes | cost_calculator_builder | * | cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Cost Calculator Builder",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.2.29"
}
],
"defaultStatus": "unaffected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-8379 Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection
2024-09-30 06:00:07
nvd
nvd
CVE-2024-8379
2024-09-30 06:15:14
cvelist
cvelist
CVE-2024-8379 Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection
2024-09-30 06:00:07
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0
Percentile
9.6%
Related for CVE-2024-8379