Vulnerabilities

CVE-2021-24403

by Fred · 20/09/2021

The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors

Date published : 2021-09-20

https://codevigilant.com/disclosure/2021/wp-plugin-wpagecontact/

https://wpscan.com/vulnerability/a87040c1-58fc-4bf7-8bfa-0b9712a62ba8

Similar

Tags: Cybersecurity Alert