CVE-2024-4847

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published May 15, 2024

Summary

CVE-2024-4847 is a vulnerability affecting the Alt Text AI plugin for WordPress. This issue allows authenticated attackers with Subscriber-level access and above to inject SQL queries into the 'last_post_id' parameter, bypassing insufficient escaping and lack of preparation on existing SQL queries. Exploitation of this vulnerability can result in the extraction of sensitive information from the database. WordPress users are advised to upgrade to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v6eeQH
https://www.cve.org/CVERecord?id=CVE-2024-4847
https://nvd.nist.gov/vuln/detail/CVE-2024-4847

Back to Vulnerability Database

CVE-2024-4847

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations