CVE-2024-56250

High

Published: 02 January 2025

Published

02 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.6 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

EPSS Score 0.0018 39.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Greg Ross Just Writing Statistics just-writing-statistics allows SQL Injection.This issue affects Just Writing Statistics: from n/a through <= 4.7.

Security Summary

CVE-2024-56250 is an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability, classified under CWE-89, affecting the Just Writing Statistics WordPress plugin developed by Greg Ross (just-writing-statistics). This issue impacts all versions from n/a through 4.7, as published on 2025-01-02.

The vulnerability carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L), indicating it is exploitable over the network with low attack complexity by users possessing high privileges, without requiring user interaction. Successful exploitation changes the scope and results in high confidentiality impact with low availability impact, enabling attackers to inject malicious SQL commands and potentially extract sensitive data from the database.

The Patchstack advisory provides further details on this SQL injection vulnerability in the WordPress Just Writing Statistics plugin version 4.7, available at https://patchstack.com/database/Wordpress/Plugin/just-writing-statistics/vulnerability/wordpress-just-writing-statistics-plugin-4-7-sql-injection-vulnerability?_s_id=cve.

Details

CWE(s): CWE-89

References

https://patchstack.com/database/Wordpress/Plugin/just-writing-statistics/vulnerability/wordpress-just-writing-statistics-plugin-4-7-sql-injection-vulnerability?_s_id=cve
audit@patchstack.com