WordPress Classic Editor & Widgets Plugin SQL Injection Vulnerability (CVSS 8.5)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Title: WordPress Classic Editor and Classic Widgets Plugin <= 1.4.1 is vulnerable to SQL Injection - Severity: High Priority - Affected Versions: <= 1.4.1 - Fixed Version: 1.4.2 2. Risk: - CVSS Score: 8.5 - Description: This vulnerability is highly dangerous and expected to be exploited on a large scale. It allows malicious attackers to directly interact with the database, including but not limited to stealing information. 3. Solution: - Recommendation: Immediately take action or remediate the vulnerability. - Automatic Patch: Patchstack has released a virtual patch to block any attacks until updated to the fixed version. - Update to 1.4.2 or higher: Upgrade to version 1.4.2 or higher to remove the vulnerability. Patchstack users can enable automatic updates. 4. Details: - Software: Classic Editor and Classic Widgets Plugin - Type: Plugin - Affected Versions: <= 1.4.1 - Fixed Version: 1.4.2 5. Timeline: - Reported: August 30, 2024 - Early Warning: Sent to Patchstack customers on September 25, 2024 - Published: September 27, 2024 6. Additional Information: - Contact: For more information or questions, please contact us. - Subscribe: Weekly WordPress security intelligence will be delivered to your inbox. This information provides a detailed description of the vulnerability, risk assessment, remediation steps, and timeline, helping users understand the severity and take appropriate actions.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Classic Editor & Widgets Plugin SQL Injection Vulnerability (CVSS 8.5)