cleantalk
Vulnerabilities and Security Researches

Accredible Certificates & Open Badges, CVE-2024-13909

CVE, Research URL

CVE-2024-13909

Home page URL

Security reports for Accredible Certificates & Open Badges

Application

Accredible Certificates & Open Badges

Published on
Apr 10, 2025
Research Description
The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 1.4.9.
Status
vulnerable
Previous vulnerability researches
Hypotext (CVE-2025-31761) , Apr 03, 2025
New vulnerability
CRUDLab Scroll to Top (CVE-2025-22774) , Apr 18, 2025
Editor Wysiwyg Background Color (CVE-2025-23958) , Apr 18, 2025
Subscribe to Unlock Lite – Opt In Content Locker Plugin for WordPress (CVE-2025-39592) , Apr 18, 2025
Membership For WooCommerce – Add Simple Membership Plans, Recurring Revenue, Product Tags & Send Emails To Members wi (CVE-2025-39579) , Apr 18, 2025
WP Flipclock (CVE-2025-39540) , Apr 18, 2025