CVE-2024-49614

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through <= 1.9.3.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/sermonaudio-widgets/vulnerability/wordpress-sermonaudio-widgets-plugin-1-9-3-sql-injection-vulnerability?_s_id=cve

Configurations

Configuration 1 (hide)

cpe:2.3:a:sermonaudio:sermonaudio_widgets:*:*:*:*:*:wordpress:*:*

History

23 Apr 2026, 15:19

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 8.5

01 Apr 2026, 16:18

Type	Values Removed	Values Added
Summary	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through <= 1.9.3.
References	{'url': 'https://patchstack.com/database/vulnerability/sermonaudio-widgets/wordpress-sermonaudio-widgets-plugin-1-9-3-sql-injection-vulnerability?_s_id=cve', 'tags': ['Third Party Advisory'], 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/Wordpress/Plugin/sermonaudio-widgets/vulnerability/wordpress-sermonaudio-widgets-plugin-1-9-3-sql-injection-vulnerability?_s_id=cve -

22 Oct 2024, 15:34

Type	Values Removed	Values Added
References	~~() https://patchstack.com/database/vulnerability/sermonaudio-widgets/wordpress-sermonaudio-widgets-plugin-1-9-3-sql-injection-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/sermonaudio-widgets/wordpress-sermonaudio-widgets-plugin-1-9-3-sql-injection-vulnerability?_s_id=cve - Third Party Advisory
First Time		Sermonaudio Sermonaudio sermonaudio Widgets
CPE		cpe:2.3:a:sermonaudio:sermonaudio_widgets::::::wordpress::*
CVSS	v2 : ~~unknown~~ v3 : ~~8.5~~	v2 : unknown v3 : 8.8

21 Oct 2024, 17:09

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en Dan Alexander SermonAudio Widgets permite la inyección SQL. Este problema afecta a SermonAudio Widgets: desde n/a hasta 1.9.3.

20 Oct 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-20 10:15

Updated : 2026-04-23 15:19

NVD link : CVE-2024-49614

Mitre link : CVE-2024-49614

CVE.ORG link : CVE-2024-49614

JSON object : View

Products Affected

sermonaudio

sermonaudio_widgets

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

8.5 /10