1 results (0.003 seconds)
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1
CVE-2024-43918 – WordPress WBW Product Table PRO plugin <= 1.9.4 - Unauthenticated Arbitrary SQL Query Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-43918
22 Aug 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4. The WBW Product Table Pro plugin for WordPress is vulnerable to unauthorized arbitrary SQL Execution due to a missing capability check on a function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to execute arbitrary SQL queries that can be used ... • https://github.com/KTN1990/CVE-2024-43918 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-862: Missing Authorization •