Description
WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup is prone to multiple vulnerabilities, including arbitrary file download and arbitrary code execution. Exploiting these issues could allow an attacker to gain access to sensitive information that may aid in launching further attacks, execute arbitrary commands with the privileges of the user running the application, compromise the application or the underlying database, access or modify data, or compromise a vulnerable system. Version 4.11.33 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 4.11.37 or the latest version.