Nicen Localize Image
Monthly
Authenticated SQL injection in the WordPress plugin nicen-localize-image (versions 1.4.9 and earlier) allows users holding the low-privilege Contributor role to inject arbitrary SQL into the WordPress database backend. Because the CVSS scope is changed and confidentiality impact is High, a Contributor can read data beyond the plugin's own remit, potentially extracting other users' credentials or secrets from the wp_users/wp_options tables. Reported by Patchstack with a CVSS of 8.5; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Authenticated SQL injection in the WordPress plugin nicen-localize-image (versions 1.4.9 and earlier) allows users holding the low-privilege Contributor role to inject arbitrary SQL into the WordPress database backend. Because the CVSS scope is changed and confidentiality impact is High, a Contributor can read data beyond the plugin's own remit, potentially extracting other users' credentials or secrets from the wp_users/wp_options tables. Reported by Patchstack with a CVSS of 8.5; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.