CVE-2024-6809

Critical CVSS: 9.8

The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Vendor

Quantumcloud

Product

Simple Video Directory

CWE

CWE-89

Yayın Tarihi

2025-05-15 20:15:56

Güncelleme

2025-06-05 14:21:45

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-89 Simple Video Directory CRITICAL Quantumcloud 2025

Referanslar

https://wpscan.com/vulnerability/60abcae5-4c89-4d48-95f8-6a80e5f06a37/

Benzer Kayıtlar

Low

CVE-2025-9111

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which cou…

Medium

CVE-2025-0329

The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which cou…

Medium

CVE-2024-12879

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…