CVE-2024-10009: Website File Changes < 2.1.0 - Admin+ Authenticated SQL Injection
Published May 15, 2025
The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
Affected Software
2 affected components
Melapress File Monitor < 2.1.0
Melapress Melapress File Monitor WordPress < 2.1.0
Event History
May 15, 2025
CVE Published via MITRE · 08:06 PM
Data Sourced via MITRE · 08:06 PM (Description, Weakness)
Data Sourced via NVD · 08:15 PM (Description, Severity)
Frequently Asked Questions
1. What is the severity of CVE-2024-10009?
CVE-2024-10009 is classified as a high severity vulnerability due to its potential for SQL injection attacks.
2. How do I fix CVE-2024-10009?
To fix CVE-2024-10009, update the Melapress File Monitor plugin to version 2.1.0 or later.
3. What types of attacks can be carried out using CVE-2024-10009?
CVE-2024-10009 allows for SQL injection attacks, which can lead to unauthorized access to the database.
4. Who is affected by CVE-2024-10009?
Admins using Melapress File Monitor plugin versions prior to 2.1.0 are affected by CVE-2024-10009.
5. Is CVE-2024-10009 specific to any particular version of WordPress?
CVE-2024-10009 is not specific to WordPress versions but affects the Melapress File Monitor plugin prior to version 2.1.0.