What is CVE-2024-37112 — SQL Injection in Wishlist Member WordPress Plugin?

CVE-2024-37112 is a critical SQL Injection vulnerability in the Wishlist Member WordPress plugin, allowing attackers to manipulate the database and potentially steal sensitive information.

Am I affected by CVE-2024-37112 in Wishlist Member WordPress Plugin?

You are affected if you are using Wishlist Member version 3.26.7 or earlier. Immediately check your plugin version and upgrade if necessary.

How do I fix CVE-2024-37112 in Wishlist Member WordPress Plugin?

Upgrade the Wishlist Member plugin to version 3.26.7 or later. Consider implementing a WAF rule as a temporary workaround if upgrading is not immediately possible.

Is CVE-2024-37112 being actively exploited?

While no active exploitation campaigns have been confirmed, the CRITICAL severity and ease of exploitation make it a high-priority target, and exploitation is likely.

Where can I find the official Wishlist Member advisory for CVE-2024-37112?

Refer to the Wishlist Member website and WordPress plugin repository for the latest security advisory and update information.

CVE-2024-37112 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2024-37112 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• wordpress / composer / npm:

grep -r "wishlist_member" /var/www/html/wp-content/plugins/
wp plugin list | grep wishlist-member

• generic web:

curl -I https://your-wordpress-site.com/wp-admin/admin.php?page=wishlist-member-settings&action=edit_settings&setting=some_parameter'

• wordpress / composer / npm:

wp plugin auto-update wishlist-member

WishList Member X <= 3.25.1 - Unauthenticated Arbitrary SQL Execution

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2024-37112 — SQL Injection in Wishlist Member WordPress Plugin?

Am I affected by CVE-2024-37112 in Wishlist Member WordPress Plugin?

How do I fix CVE-2024-37112 in Wishlist Member WordPress Plugin?

Is CVE-2024-37112 being actively exploited?

Where can I find the official Wishlist Member advisory for CVE-2024-37112?

Seu projeto está afetado?

Detecte esta CVE no seu projeto