Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through <= 3.15.
AnalysisAI
Paid Downloads WordPress plugin has a SQL injection vulnerability enabling database compromise through the download management functionality.
Technical ContextAI
The Paid Downloads plugin by ichurakov has a CWE-89 SQL injection vulnerability that allows attackers to inject SQL commands through the download management interface.
Affected ProductsAI
ichurakov Paid Downloads WordPress plugin
RemediationAI
Update the plugin. Audit payment records for unauthorized access.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today