CVE-2024-30490
WordPress ProfileGrid plugin <= 5.7.8 - SQL Injection vulnerability
In short
The WordPress ProfileGrid plugin version 5.7.8 and earlier contains a SQL injection flaw that allows attackers to manipulate database queries, potentially exposing or modifying sensitive user data without proper authorization.
Technical detail
A SQL injection vulnerability in ProfileGrid <= 5.7.8 allows attackers to inject malicious SQL commands through insufficiently sanitized user input, potentially leading to unauthorized database access, data exfiltration, or modification. The vulnerability stems from improper neutralization of special SQL characters in user-supplied parameters.
Summary generated and translated by AI from the official description.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Affected products
Metagauss · ProfileGrid