PT-2024-10624 · WordPress · Webuidesigning Nebulax Theme
Published
2024-12-23
·
Updated
2024-12-24
·
CVE-2018-25106
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
webuidesigning NebulaX Theme versions up to 5.0 on WordPress
Description
A critical vulnerability has been found in the webuidesigning NebulaX Theme, affecting the function
nebula send to hubspot of the file libs/Legacy/Legacy.php. The manipulation leads to SQL injection. The attack may be initiated remotely.Recommendations
For webuidesigning NebulaX Theme versions up to 5.0 on WordPress, apply the patch named 41230a81db0f671c570c2644bc2f80565ca83c5a to fix this issue. As a temporary workaround, consider disabling the
nebula send to hubspot function until the patch is applied.Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Webuidesigning Nebulax Theme