WordPress Click & Pledge Connect Plugin <= 2.24080000-WP6.6.1 is vulnerable to SQL Injection

Low priority Mitigation unnecessary
<= 2.24080000-WP6.6.1Vulnerable version(s)
2.24120000-WP6.7.1Fixed version
WordPress plugin
No VDP
9 Apr, 2025

Get the fastest vulnerability mitigation with Patchstack!

Get started

Risks

CVSS 7.2

7.2

SQL Injection

This could allow a malicious actor to directly interact with your database, including but not limited to stealing information.

CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.

Solutions

This security issue has a low severity impact and is unlikely to be exploited.

Update to version 2.24120000-WP6.7.1 or later.

Update to version 2.24120000-WP6.7.1 or later to remove the vulnerability. Patchstack users can turn on auto-update for vulnerable plugins only.

Details

Have additional information or questions about this entry? Let us know.
Go to
WordPress plugin
No VDP

Timeline

Reported byProfile ImageJoão Pedro S Alcântara (Kinorth)

9 Apr, 2025

Early warning sent out to Patchstack customers

9 Apr, 2025

Published by Patchstack

9 Apr, 2025

Weekly WordPress security intelligence delivered to your inbox.