Lucene search
China National Vulnerability DatabaseCNVD-2022-69140HistoryJun 15, 2021 - 12:00 a.m.
WordPress side buttons plugin SQL injection vulnerability
2021-06-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
wordpress
php
mysql
sql injection
vulnerability
admin users
plugin menu
cleanup
validation
escaping
sql statements
EPSS
0.001
Percentile
44.7%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A SQL injection vulnerability exists in versions of the WordPress side buttons plugin prior to 3.1.5. The vulnerability stems from the plugin’s menu delete feature available to admin users, which accepts the did GET parameter and uses it in SQL statements without proper cleanup, validation, or escaping. An attacker could exploit this vulnerability to cause a SQL injection issue.
Related
patchstack
patchstack
cvelist
cvelist
CVE-2021-24348 Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
2021-06-14 13:37:12
nvd
nvd
CVE-2021-24348
2021-06-14 14:15:08
wpvulndb
wpvulndb
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
2021-05-27 00:00:00
prion
prion
Sql injection
2021-06-14 14:15:00
wpexploit
wpexploit
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
2021-05-27 00:00:00
cve
cve
CVE-2021-24348
2021-06-14 14:15:08