Published On: Aug 16, 2024 19:00
Advisory No: TZCERT-SA-24-0025
Source: Wordfence
Software Affected: opti-marketing, truebooker-appointment-booking
WordPress is vulnerable to two critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to extract sensitive information.
WordPress plugins opti-marketing and truebooker-appointment-booking are affected by the vulnerabilities tracked as CVE-2024-6928 and CVE-2024-6924 with CVSS score of 10. The plugins are vulnerable to PHP Code Injection due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query, and due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Remote attackers can exploit the vulnerabilities to extract sensitive information from the database.
Successful exploitation of these vulnerabilities may allow an attacker to gain access to sensitive information.
WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.