CVE-2024-32135 - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cve

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-04-15T07:31:17.110Z

Updated: 2024-06-04T17:50:38.961Z

Reserved: 2024-04-11T13:14:10.420Z

Link: CVE-2024-32135

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-15T08:15:14.280

Modified: 2024-04-15T13:15:31.997

Link: CVE-2024-32135

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32135", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-04-11T13:14:10.420Z", "datePublished": "2024-04-15T07:31:17.110Z", "dateUpdated": "2024-06-04T17:50:38.961Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "disable-comments-wpz", "product": "Disable Comments | WPZest", "vendor": "WPZest", "versions": [{"lessThanOrEqual": "1.51", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dimas Maulana (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.<p>This issue affects Disable Comments | WPZest: from n/a through 1.51.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-15T07:31:17.110Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32135", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-15T13:33:06.320669Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:50:38.961Z"}}]}}