CVE-2024-4443

Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 22/05/2024 Updated: 22/05/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated malicious users to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter

CVE-2024-4443-Poc CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 642 - Unauthenticated SQL Injection via listingfields Parameter Description The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter i

https://www.wordfence.com/threat-intel/vulnerabilities/id/982fb304-08d6-4195-97a3-f18e94295492?source=cve https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/fields/class-fieldtypes-select.php#L110 https://plugins.trac.wordpress.org/changeset/3089626/https://nvd.nist.gov https://github.com/truonghuuphuc/CVE-2024-4443-Poc

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-4443

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect