CVE-2024-5756 is a critical vulnerability in the Icegram Express plugin for WordPress: a time-based SQL injection via the db parameter that affects all versions up to and including 5.7.23. The root cause is insufficient escaping of user-supplied parameters combined with a lack of proper preparation in the existing SQL query. The flaw can enable unauthenticated attackers to append additional SQL queries to existing ones, potentially extracting sensitive information from the database.
With a CVSS score of 9.8, this vulnerability is classified as critical, indicating that it poses a significant risk to organizations utilizing the affected plugin. The potential impact includes unauthorized access to sensitive data, making immediate remediation essential.
As of now, there are no known exploits, and the vulnerability has not been actively targeted in the wild. However, the possibility of exploitation due to its critical nature means organizations should prioritize patching this vulnerability immediately.
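The root cause named above, missing escaping and missing query preparation, is the same pattern a code reviewer looks for in any WordPress plugin. The following is an added illustration, not code from Icegram Express; the table name, column and function names are assumptions, and only the WordPress `$wpdb` API calls are real.

```php
<?php
// Added example for illustration; not the plugin's own code.
// Assumes a hypothetical table "{prefix}example_table" with columns id, name, db.

// The pattern the advisory describes: a request value is concatenated straight into
// the SQL text, so the "db" parameter can change the structure of the query.
function lookup_unsafe( $wpdb, $db_param ) {
    $sql = "SELECT id, name FROM {$wpdb->prefix}example_table WHERE db = '" . $db_param . "'";
    return $wpdb->get_results( $sql ); // UNSAFE: user input shapes the query
}

// Hardened form: $wpdb->prepare() binds the value as a parameter, so the input is only
// ever compared as data. Validate shape first; an allow-list is better still when the
// set of legal values is known in advance.
function lookup_safe( $wpdb, $db_param ) {
    $db_param = sanitize_text_field( wp_unslash( $db_param ) );
    if ( '' === $db_param || strlen( $db_param ) > 64 ) {
        return array();
    }
    $sql = $wpdb->prepare(
        "SELECT id, name FROM {$wpdb->prefix}example_table WHERE db = %s",
        $db_param
    );
    return $wpdb->get_results( $sql );
}

// When the parameter is really a numeric identifier, coerce it and bind with %d so that
// non-numeric input cannot reach the query at all.
function lookup_by_id_safe( $wpdb, $id_param ) {
    $id = absint( $id_param );
    if ( 0 === $id ) {
        return null;
    }
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT id, name FROM {$wpdb->prefix}example_table WHERE id = %d", $id )
    );
}
// If the endpoint has no reason to be reachable by unauthenticated visitors, also gate
// it with a capability check or nonce verification before running any query.
```

The unsafe function exists only to show the shape of the defect; the prepared-statement versions are the remediation pattern to apply when auditing a plugin.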
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.