CVEs-PoC/2021/CVE-2021-24580.md

### [CVE-2021-24580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24580)
![](https://img.shields.io/static/v1?label=Product&message=Side%20Menu%20Lite%20-%20add%20sticky%20fixed%20buttons&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.2.6%3C%202.2.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)

### Description

The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue

### POC

#### Reference
- https://wpscan.com/vulnerability/2faccd1b-4b1c-4b3e-b917-de2d05e860f8

#### Github
No PoCs found on GitHub currently.