
{
"id": "CVE-2024-3265",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-25T22:15:09.043",
"lastModified": "2024-07-03T02:06:07.057",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configuration."
},
{
"lang": "es",
"value": "El complemento Advanced Search de WordPress hasta la versi\u00f3n 1.1.6 no escapa correctamente los par\u00e1metros agregados a una consulta SQL, lo que hace posible que los usuarios con funci\u00f3n de administrador realicen ataques de inyecci\u00f3n SQL en el contexto de configuraciones de WordPress multisitio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/",
"source": "contact@wpscan.com"
}
]
}