Cyber Posture

CVE-2024-51715

High

Published: 07 January 2025

Modified: 23 April 2026
CVSS Score: 8.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L)
EPSS Score: 0.0043 (62.8th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickWhale ClickWhale clickwhale allows Blind SQL Injection. This issue affects ClickWhale: from n/a through <= 2.4.1.

Security Summary

CVE-2024-51715 is an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that enables Blind SQL Injection in the ClickWhale WordPress plugin. The flaw affects ClickWhale versions up to and including 2.4.1 and is classified as CWE-89.

The vulnerability carries a CVSS v3.1 base score of 8.5 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L), indicating it can be exploited remotely by low-privileged users with low attack complexity and no user interaction required. Successful exploitation allows attackers to achieve high confidentiality impact by extracting sensitive data from the database, with a changed scope, no integrity impact, and low availability impact.

The Patchstack advisory provides details on this SQL injection vulnerability in the WordPress ClickWhale plugin version 2.4.1: https://patchstack.com/database/Wordpress/Plugin/clickwhale/vulnerability/wordpress-clickwhale-plugin-2-4-1-sql-injection-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-89

Affected Products

flowdee
clickwhale
≤ 2.4.2
