mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 18:42:46 +00:00
807 B
807 B
CVE-2021-24399
Description
The check_order function of The Sorter WordPress plugin through 1.0 uses an area_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
POC
Reference
- https://codevigilant.com/disclosure/2021/wp-plugin-the-sorter/
- https://wpscan.com/vulnerability/f7af0795-f111-4acc-9b1e-63cae5862f8b