Description

WordPress Plugin Consulting Elementor Widgets is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Consulting Elementor Widgets version 1.3.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.3.1 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/consulting-elementor-widgets/consulting-elementor-widgets-130-authenticated-contributor-sql-injection

https://docs.stylemixthemes.com/consulting-theme-documentation/extra-materials/changelog

Related Vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-45020)

WordPress Plugin Translate WordPress with GTranslate Cross-Site Scripting (2.8.51)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2015-8103)

MySQL CVE-2015-2566 Vulnerability (CVE-2015-2566)

WordPress Plugin SS Downloads Multiple Cross-Site Scripting Vulnerabilities (1.4.4.1)

Severity

High

Classification

CVE-2024-37090 CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection