
CVE-2024-12773 — Critical SQL Injection

WordPress Plugin Altra Side Menu — Discovered by Seckhmet

Vulnerability Information

CVE ID: CVE-2024-12773
Type: SQL Injection (SQLi)
Affected Component: WordPress Plugin Altra Side Menu
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.2 — High
Discovered by: Seckhmet

Description

A critical SQL injection vulnerability was discovered in the WordPress plugin Altra Side Menu. It is exploitable with administrator privileges and allows direct attacks on the database, with a triple impact on confidentiality, integrity and availability (C:H/I:H/A:H).

An attacker can potentially read all stored data, modify or delete it, and cause complete unavailability of the WordPress service.

CVSS Analysis

  • AV:N — Network vector: remotely exploitable
  • AC:L — Low complexity
  • PR:H — Administrator privileges required
  • UI:N — No user interaction
  • S:U — Unchanged scope
  • C:H / I:H / A:H — Critical impact on all three security pillars

Recommendations

Update the Altra Side Menu plugin immediately. Audit access logs to detect any past exploitation. Restrict administrator access and implement a continuous monitoring solution like Seckhmet to be alerted to future vulnerabilities.