PT-2023-30945 · WordPress · Guardgiant Brute Force Protection

Mika

Published

2023-12-19

Updated

2023-12-28

CVE-2023-48764

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks versions through 2.2.5

Description The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This vulnerability affects the GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks plugin.

Recommendations For versions through 2.2.5, update to a version later than 2.2.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-48764

Affected Products

Guardgiant Brute Force Protection

PT-2023-30945 · WordPress · Guardgiant Brute Force Protection

CVE-2023-48764

Weakness Enumeration

Related Identifiers

Affected Products

References · 8