CVE-2019-25212
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2019-25212 is a critical SQL Injection vulnerability affecting the video carousel slider with lightbox plugin for WordPress, specifically in all versions up to and including 1.0.6. The vulnerability arises from insufficient escaping of the user-supplied 'id' parameter, allowing authenticated attackers with administrator-level access to execute additional SQL queries that can compromise sensitive database information. To remediate this issue, users should upgrade to version 1.0.7 or later of the plugin. The potential danger posed by this vulnerability includes high risks to confidentiality, integrity, and availability of data within an organization’s database systems. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 9.1, indicating its severe impact and low complexity of exploitation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.