CVE-2024-54261: WordPress TAX SERVICE Electronic HDM plugin <= 1.1.2 - SQL Injection vulnerability

10.0 CVSS

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2.

Classification

CVE ID: CVE-2024-54261

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

Affected Products

Vendor: HK Digital Agency LLC

Product: TAX SERVICE Electronic HDM

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://patchstack.com/database/wordpress/plugin/virtual-hdm-for-taxservice-am/vulnerability/wordpress-tax-service-electronic-hdm-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve

Timeline

2024-12-14 00:30:31 UTC
CVE

WordPress TAX SERVICE Electronic HDM plugin <= 1.1.2 - SQL Injection vulnerability