{"id":9797,"date":"2025-08-05T21:39:45","date_gmt":"2025-08-05T21:39:45","guid":{"rendered":"http:\/\/localhost\/?p=9797"},"modified":"2025-08-05T21:39:45","modified_gmt":"2025-08-05T21:39:45","slug":"cleverreach-wp-1520-unauthenticated-sql-injection-via-title-parameter","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9797","title":{"rendered":"CleverReach WP <= 1.5.20 - Unauthenticated SQL Injection via title Parameter"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nCleverReach WP <= 1.5.20 - Unauthenticated SQL Injection via title Parameter<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-06T01:45:11.881Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-06T01:45:11.881Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\ncleverreach43<\/td>\n<\/tr>\n
Product<\/th>\nCleverReach\u00ae WP<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n7.5 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe CleverReach\u00ae WP plugin for WordPress is vulnerable to a time-based SQL Injection via the ‘title’ parameter. This allows unauthenticated attackers to execute additional SQL queries, potentially extracting sensitive data. The issue affects versions up to 1.5.20 due to insufficient input escaping and improper SQL query preparation.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nWordPress Community<\/td>\n<\/tr>\n
AI Product<\/th>\nCleverReach\u00ae WP<\/td>\n<\/tr>\n
AI Version<\/th>\n<=1.5.20<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n