Description

WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup is prone to multiple vulnerabilities, including arbitrary file download and arbitrary code execution vulnerabilities. Exploiting these issues could allow an attacker to gain access to sensitive information, which may aid in launching further attacks, to execute arbitrary commands with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data or to compromise a vulnerable system. WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup version 4.11.33 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.11.37 or latest

References

https://www.exploit-db.com/exploits/38176/

Related Vulnerabilities

WebLogic CVE-2021-2378 Vulnerability (CVE-2021-2378)

WordPress Plugin AMP for WP-Accelerated Mobile Pages Security Bypass (0.9.97.19)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33829)

PHP CVE-2007-4670 Vulnerability (CVE-2007-4670)

Joomla CVE-2012-0835 Vulnerability (CVE-2012-0835)

Severity

High

Classification

CWE-22 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update