CVE-2024-1514

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 28, 2024

Summary

CVE-2024-1514 is a vulnerability affecting the WP eCommerce plugin for WordPress. This issue allows unauthenticated attackers to perform time-based blind SQL Injection attacks through the 'cart_contents' parameter, which stems from insufficient escaping on user-supplied data and an lack of preparation of existing SQL queries. Consequently, adversaries can append additional SQL queries to already established ones, potentially extracting sensitive information from the database. Versions up to and including 3.15.1 are susceptible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uhWZaz
https://www.cve.org/CVERecord?id=CVE-2024-1514
https://nvd.nist.gov/vuln/detail/CVE-2024-1514

Back to Vulnerability Database

CVE-2024-1514

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations