CVE-2024-51818

CVE-2024-51818 is an Improper Neutralization of Special Elements used in an SQL Command, known as an SQL Injection vulnerability (CWE-89), affecting the Fancy Product Designer WordPress plugin developed by radykal under the fancy-product-designer component. This issue impacts all versions from n/a through 6.4.3. The vulnerability carries a CVSS v3.1 base score of 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L), indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and potential for scope change with high confidentiality impact.

Unauthenticated remote attackers can exploit this vulnerability over the network without privileges or user interaction. Successful exploitation enables high confidentiality impact, such as unauthorized extraction of sensitive data from the database, alongside low availability disruption, while integrity remains unaffected.

The Patchstack advisory at the provided reference URL documents this unauthenticated SQL injection vulnerability specifically in Fancy Product Designer plugin version 6.4.3 for WordPress and offers details on mitigation strategies.