CVE-2021-24580 Side Menu Lite < 2.2.6 - Authenticated SQL Injection

2021-08-3014:11:22

CWE-89

WPScan

www.cve.org

cve-2021-24580

side menu lite

sql injection

wordpress plugin

admin dashboard

EPSS

0.001

Percentile

36.9%

JSON

The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue

CNA Affected

[
  {
    "product": "Side Menu Lite - add sticky fixed buttons",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.2.6",
        "status": "affected",
        "version": "2.2.6",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/2faccd1b-4b1c-4b3e-b917-de2d05e860f8

EPSS

0.001

Percentile

36.9%

JSON

Related for CVELIST:CVE-2021-24580