CVE-2024-6265 Scanner
CVE-2024-6265 Scanner - SQL Injection vulnerability in UsersWP
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 11 days 7 hours
Scan only one: Domain, Subdomain, IPv4
UsersWP is a widely installed WordPress plugin that provides front-end login, user registration, user profile management and member directories. Administrators and developers use it to offer a customizable user-management experience on WordPress sites. Because it runs on a large number of installations, a flaw that needs no authentication gives attackers a broad target surface.
CVE-2024-6265 is an unauthenticated SQL injection in UsersWP. The plugin does not sufficiently escape the user-supplied 'uwp_sort_by' parameter before using it in a database query, so an attacker who can reach the affected endpoint can append their own SQL to the existing query. No account on the site is required.
The flaw sits in a sort parameter, which matters for anyone auditing similar code: sort keys normally end up in an ORDER BY clause, where column names and sort directions cannot be bound as prepared-statement placeholders, so escaping alone is not a complete fix. The value has to be matched against an allowlist of permitted sort keys and mapped to a fixed clause. An attacker sends a crafted request with SQL in 'uwp_sort_by'; the injected expression is evaluated by the database, and differences in the returned ordering, or in error behaviour, can then be used to read data the request was never meant to expose.
Successful exploitation gives an unauthenticated attacker read access to sensitive database contents, and potentially the ability to modify data or otherwise control database contents, which means loss of both confidentiality and integrity for the site. Remediation is to update UsersWP to a release that fixes CVE-2024-6265. As a detection check, review web server access logs for requests in which 'uwp_sort_by' carries anything other than a plain sort key, for example parentheses, quotes or SQL keywords such as SELECT or CASE.
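To make the bug class concrete, here is an added example; it is not UsersWP's code and not a payload for the plugin. It uses Python and sqlite3 as a stand-in for a PHP $wpdb query in which a sort key is spliced into ORDER BY, shows the boolean inference that becomes possible through the sort direction alone, and puts the allowlist fix beside it. The table, its rows and the `sort_by` parameter are constructed for the demonstration.

```python
import sqlite3

# Added illustration of an ORDER BY sort-parameter injection and its fix.
# Not UsersWP code: schema, data and the `sort_by` parameter are constructed here.

# Allowlist: user-supplied key -> fixed ORDER BY clause. Nothing else reaches the query.
ALLOWED_SORTS = {
    "display_name": "display_name ASC",
    "newest": "id DESC",
    "oldest": "id ASC",
}


def make_db():
    """Constructed sample database standing in for a WordPress users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(id INTEGER PRIMARY KEY, display_name TEXT, secret TEXT);
        INSERT INTO users VALUES (1, 'alice', 's3cr3t'), (2, 'bob', 'hunter2'), (3, 'carol', 'pa55');
        """
    )
    return conn


def list_users_vulnerable(conn, sort_by):
    """Sort key spliced into the query text. Identifiers cannot be bound as
    placeholders, so without an allowlist the caller owns the ORDER BY clause."""
    sql = "SELECT display_name FROM users ORDER BY " + sort_by
    return [row[0] for row in conn.execute(sql)]


def list_users_hardened(conn, sort_by):
    """Map the user-supplied key to a fixed clause; anything else is rejected."""
    clause = ALLOWED_SORTS.get(sort_by)
    if clause is None:
        raise ValueError(f"unsupported sort key: {sort_by!r}")
    return [row[0] for row in conn.execute("SELECT display_name FROM users ORDER BY " + clause)]


def oracle(conn, condition):
    """Boolean oracle on top of the vulnerable function: the sort direction, and so
    the first row returned, depends on whether `condition` evaluates true."""
    payload = f"(CASE WHEN ({condition}) THEN id ELSE -id END)"
    return list_users_vulnerable(conn, payload)[0] == "alice"  # id ASC puts alice first


def recover_secret(conn, user_id, alphabet="abcdefghijklmnopqrstuvwxyz0123456789"):
    """Extract a column value one character at a time through the ordering oracle."""
    sub = f"(SELECT secret FROM users WHERE id = {int(user_id)})"
    length = next(n for n in range(1, 64) if oracle(conn, f"length({sub}) = {n}"))
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            if oracle(conn, f"substr({sub}, {pos}, 1) = '{ch}'"):
                recovered += ch
                break
    return recovered


if __name__ == "__main__":
    db = make_db()
    print(recover_secret(db, 1))  # s3cr3t, leaked through the sort parameter alone
    try:
        list_users_hardened(db, "(CASE WHEN 1 THEN id END)")
    except ValueError as exc:
        print("hardened version rejected payload:", exc)
```

The point of the oracle is that no error message and no injected data ever appear in the response; the attacker only watches which user comes first. That is why a sort parameter is not safe just because its value never shows up in the output, and why the hardened version maps the key to a clause rather than trying to escape it.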