CVE-2024-25910

WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.

We have discovered 49 live websites that are affected by CVE-2024-25910.

Affected Software


Product	MoveTo
Category	Animation
Vulnerable Versions	from 0 through 6.2
Total Vulnerable Versions	10
Vulnerable Domains	49 live websites (100.00% of MoveTo install base)

Common Weakness Enumeration

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Available Reports

Website List

Details

Published - Feb 28, 2024
Updated - Feb 28, 2024

Credits

Dave Jong (Patchstack) (finder)

CWE

CWE-89

CVE References

CWE References

cwe.mitre.org

Countries

United States	17 websites

Japan	17 websites
Netherlands	5 websites
Australia	2 websites
Russia	2 websites
Brazil	1 websites
China	1 websites
Greenland	1 websites
Greece	1 websites
New Zealand	1 websites

TLDs

.com	21 websites
.jp	7 websites
.nl	5 websites
.org	5 websites
.co.jp	1 websites
.com.au	1 websites
.eu	1 websites
.pl	1 websites
.ru	1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-sql-injection-vulnerability?_s_id=cve

Websites affected by CVE-2024-25910

Top websites that are affected by CVE-2024-25910. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
***********.jp	Japan	*,*
********..jp	Japan	,,*
*************.com	Japan	,,*
*.****.jp	Japan	,,*
****************.com	United States	,,*
***************.org	United States	,,*
******************.jp	Japan	,,*
********.com	United States	,,*
*****************.com	United States	,,*
*********.com	United States	,,*

See full domain list