CVE-2024-3604

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 9, 2024

Updated: Aug 1, 2024

CWE ID 613

Summary

CVE-2024-3604 is a vulnerability affecting the OSM - OpenStreetMap plugin for WordPress. It allows authenticated attackers with contributor-level access or higher to inject SQL queries into existing ones through the 'tagged_filter' attribute of the 'osm_map_v3' shortcode. This occurs due to inadequate escaping of user-supplied data and insufficient query preparation. The consequence of this vulnerability is the potential extraction of sensitive information from the WordPress database. All versions up to and including 6.0.2 are impacted.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

K. De

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/v_6S56
https://www.cve.org/CVERecord?id=CVE-2024-3604
https://nvd.nist.gov/vuln/detail/CVE-2024-3604

Back to Vulnerability Database

CVE-2024-3604

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations