Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-51820 CVSS:8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in L Squared Support L Squared Hub WP allows SQL Injection.

CVE-2024-51837 CVSS:8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection.

CVE-2024-51843 CVSS:8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Olland.Biz Horsemanager allows Blind SQL Injection.

Impact

Data Manipulation

Indicators of Compromise

CVE

CVE-2024-51820
CVE-2024-51837
CVE-2024-51843

Affected Vendors

WordPress

Affected Products

L Squared Support L Squared Hub WP - n/a
SONS Creative Development WP Contest - n/a
Olland.biz Horsemanager - n/a

Remediation

Upgrade to the latest version, available from the WordPress Plugin Directory.

CVE-2024-51820

CVE-2024-51837

CVE-2024-51843

North Korean Threat Actors Deploy Flutter-Based Malware to Target macOS Users – Active IOCs

Multiple Microsoft Windows Task Scheduler and NTLM Vulnerabilities Exploit in the Wild

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan