Emagicone Store Manager
Monthly
Blind SQL injection in the eMagicOne Store Manager WordPress plugin (versions up to and including 1.3.2) allows remote unauthenticated attackers to inject malicious SQL through improperly sanitized parameters. With a CVSS 9.3 score and changed scope, successful exploitation can expose confidential database contents across the WordPress installation, though EPSS remains very low (0.03%) and no public exploit identified at time of analysis.
Blind SQL injection in the eMagicOne Store Manager WordPress plugin (versions up to and including 1.3.2) allows remote unauthenticated attackers to inject malicious SQL through improperly sanitized parameters. With a CVSS 9.3 score and changed scope, successful exploitation can expose confidential database contents across the WordPress installation, though EPSS remains very low (0.03%) and no public exploit identified at time of analysis.