CVE-2024-3060

Name of the Vulnerable Software and Affected Versions ENL Newsletter WordPress plugin versions 1.0.0 through 1.0.1

Description The issue allows admin+ users to perform SQL injection attacks due to the lack of sanitization and escaping of a parameter before its use in a SQL statement.

Recommendations For ENL Newsletter WordPress plugin versions 1.0.0 through 1.0.1, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.