CVE-2024-13230

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional values into the already existing query that can be used to extract user metadata from the database.

Related Vulnerabilities

CVE-2017-16733

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information f...

CWE-892017

CVE-2017-16735

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

CWE-892017

CVE-2018-17542

MEDIUM
CVSS:5.3(Medium)

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter ...

CWE-892018

CVE-2018-5443

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.

CWE-892018

CVE-2019-14430

MEDIUM
CVSS:5.3(Medium)

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.

CWE-892019

CVE-2019-3797

MEDIUM
CVSS:5.3(Medium)

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more resul...

CWE-892019