CVE-2024-0594

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 10, 2024

Updated: Feb 15, 2024

CWE ID 89

Summary

CVE-2024-0594 is a SQL injection vulnerability affecting the Awesome Support plugin for WordPress. This issue, present in versions up to 6.1.7, allows authenticated attackers with subscriber-level access or higher to inject malicious SQL queries into the wpas_get_users action by means of insufficient escaping on the 'q' parameter. The attacker can leverage this to access sensitive data from the WordPress database by appending additional SQL queries to existing ones. This vulnerability poses a significant risk, as it enables unauthorized access and data extraction.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uKmCWQ
https://www.cve.org/CVERecord?id=CVE-2024-0594
https://nvd.nist.gov/vuln/detail/CVE-2024-0594

Back to Vulnerability Database

CVE-2024-0594

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations