CVE-2024-43918 – WordPress WBW Product Table PRO plugin <= 1.9.4 - Unauthenticated Arbitrary SQL Query Execution vulnerability

https://notcve.org/view.php?id=CVE-2024-43918

22 Aug 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4. The WBW Product Table Pro plugin for WordPress is vulnerable to unauthorized arbitrary SQL Execution due to a missing capability check on a function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to execute arbitrary SQL queries that can be used ... • https://github.com/KTN1990/CVE-2024-43918 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-862: Missing Authorization •